Several router models developed by the Taiwanese networking firm Zyxel have been found to contain a serious vulnerability, enabling threat actors to execute arbitrary commands remotely. The company has issued a critical patch to remediate this security flaw, and users are strongly urged to implement it without delay.
According to Zyxel’s advisory, the vulnerability arises from an “input validation error due to inadequate management of user-generated data.” In other words, the operating system fails to properly validate user-supplied input, which lets attackers perform OS command injection. The issue is tracked as CVE-2024-7261 and carries a severity rating of 9.8 out of 10, making it critical.
“The flawed handling of special characters within the ‘host’ parameter in certain versions of CGI programming for access points and security routers enables unauthorized individuals to run OS commands through a specially crafted cookie sent to compromised devices,” stated Zyxel in their announcement.
Significant Number of Devices at Risk
Many Zyxel access point models are susceptible due to this vulnerability. Below is an exhaustive list:
- NWA Series: NWA50AX, NWA50AX PRO, NWA55AXE, NWA90AX, NWA90AX PRO, NWA110AX, NWA130BE, NWA210AX, NWA220AX-6E (all versions up until 7.00)
- NWA1123-AC PRO (all versions prior to 6.28)
- NWA1123ACv3; WAC500; WAC500H (all versions preceding 6.70)
- WAC Series: WAC6103D-I; WAC6502D-S; WAC6503D-S; WAC6552D-S; WAC6553D-E (all versions before 6.28)
- WAX Series: WAX300H; WAX510D; WAX610D; WAX620D-6E; WAX630S; WAX640S-6E; WAX650S; WAX655E (all versions up until 7.00)
- WBE Series: WBE530 and WBE660S (versions prior to 7.00)
The USG LITE 60 AX Security Router running firmware V2.00(ACIP.2) is also among the vulnerable devices. It receives updates automatically, so most users should already be protected, but it is worth verifying that it runs version V2.00(ACIP.3) for additional assurance.
Zyxel holds a strong position in the networking industry, with its routers and switches widely adopted by enterprises globally. This makes them particularly appealing targets for cybercriminals looking for new vulnerabilities to exploit. Consequently, customers using Zyxel products should prioritize applying this patch promptly in order to safeguard their systems.
Via BleepingComputer