Zyxel fixes Critical Vulnerability CVE-2024-7261


Zyxel released updates to fix a critical vulnerability that impacts 28 access points (APs) and a security router version.

The Zyxel vulnerability is tracked as CVE-2024-7261 and has a CVSS score of 9.8, which is considered critical. Improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.

The company published a list of 29 products – 28 APs and a router version – that are vulnerable to CVE-2024-7261. In their security advisory, you can find details about the product type, the model, the version, and the available patch.

Chengchao Ai from the ROIS team at Fuzhou University discovered the vulnerability.

The OEM also patched seven other vulnerabilities, listed below:

  • CVE-2024-6343
  • CVE-2024-7203
  • CVE-2024-42057
  • CVE-2024-42058 
  • CVE-2024-42059
  • CVE-2024-42060
  • CVE-2024-42061
