Security News > 2024 > September > Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
2024-09-10 09:01
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data storage and backup. CVE-2024-6342 – reported by Nanyu Zhong and Jinwei Dong from VARAS@IIE – is a vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 devices that can be triggered by unauthenticated attackers via a … More → The post Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/10/cve-2024-6342/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- D-Link won’t fix critical flaw affecting 60,000 older NAS devices (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)