Zyxel Patched Numerous Security Flaws Across Different Products
Zyxel recently addressed several security vulnerabilities in its firewalls and router devices with a series of security fixes. One of the most critical vulnerabilities identified could lead to OS command injection on Zyxel routers.
Critical OS Command Injection Vulnerability in Zyxel Routers
Zyxel disclosed an OS command injection vulnerability impacting various router models. Tracked as CVE-2024-7261, it affects the access point and security router versions listed in the company’s advisory.
The CVE listing elaborates on the vulnerability and affected devices:
The vulnerability in the CGI program of Zyxel routers could potentially allow an attacker to execute OS commands by sending a crafted cookie to a vulnerable device.
This critical vulnerability received a CVSS score of 9.1, and Zyxel has released security patches for affected devices. Users are advised to update their devices promptly to mitigate the risk.
High-Severity Buffer Overflow Issue Resolved
Another significant fix addressed CVE-2024-5412, a high-severity buffer overflow affecting various Zyxel products. An unauthenticated attacker could exploit this vulnerability to trigger a denial of service on the target device.
Zyxel provided a list of affected products and corresponding patched releases in its advisory.
Multiple Security Flaws Fixed in Zyxel Firewalls
In addition to the aforementioned vulnerabilities, Zyxel also patched seven security flaws in multiple firewall versions. These include:
- CVE-2024-6343 (medium; CVSS 4.9): Buffer overflow vulnerability in the CGI program
- CVE-2024-7203 (high; CVSS 7.2): Post-authentication OS command injection
- CVE-2024-42057 (high; CVSS 8.1): OS command injection in the IPSec VPN feature
- CVE-2024-42058 (high; CVSS 7.5): Null pointer dereference vulnerability
- CVE-2024-42059 (high; CVSS 7.2): Post-authentication OS command injection via FTP
- CVE-2024-42060 (high; CVSS 7.2): OS command injection via internal user agreement file
- CVE-2024-42061 (medium; CVSS 6.1): Reflected cross-site scripting (XSS)
These vulnerabilities affected various Zyxel firewall models, and patches have been released for all affected devices. Users are urged to update their devices to stay protected.
