Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

2024-09-04 11:27

Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection. "The improper neutralization of special elements in the

News URL

https://thehackernews.com/2024/09/zyxel-patches-critical-os-command.html

#commandinjection #critical #router #zyxel #CVE-2024-7261

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-03	CVE-2024-7261	OS Command Injection vulnerability in Zyxel products The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. network low complexity zyxel CWE-78 critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Zyxel		382	0	82	95	51	228

News URL

Related news

Related Vulnerability

Related vendor