Security News > 2024 > September > Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
2024-09-10 09:01

Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data storage and backup. CVE-2024-6342 – reported by Nanyu Zhong and Jinwei Dong from VARAS@IIE – is a vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 devices that can be triggered by unauthenticated attackers via a … More → The post Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/09/10/cve-2024-6342/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200