Security News > 2024 > June > Zyxel issues emergency RCE patch for end-of-life NAS devices
Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life.
Although both NAS models reached the end of their support period on December 31, 2023, Zyxel released fixes for the three critical flaws in versions 5.21(AAZF.17)C0 for NAS326 and 5.21(ABAG.14)C0 for NAS542.
"Due to the critical severity of vulnerabilities CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974, Zyxel has made patches available to customers despite the products already having reached end-of-vulnerability-support," reads a Zyxel security advisory.
Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks.
Widely used modems in industrial IoT devices open to SMS attack.
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw.
News URL
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)