Security News > 2024 > September > Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
2024-09-03 12:47

Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sending a specially crafted cookie to the vulnerable devices. CVE-2024-7261 CVE-2024-7261 is an OS command injection vulnerability that stems from the improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security … More → The post Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/09/03/cve-2024-7261/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-7261 OS Command Injection vulnerability in Zyxel products
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.
network
low complexity
zyxel CWE-78
critical
 9.8
9.8