Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342).

About CVE-2024-6342

Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data storage and backup. CVE-2024-6342 – reported by Nanyu Zhong and Jinwei Dong from VARAS@IIE – is a vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 devices that can be triggered by unauthenticated attackers via a …

The post Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/10/cve-2024-6342/
Related news
- Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) (source)
- Zyxel warns of critical OS command injection flaw in routers (source)
- Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) (source)
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) (source)
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) (source)
- Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) (source)
- SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) (source)
- Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) (source)