Zyxel warns of critical OS command injection flaw in routers

September 3, 2024 at 03:59PM

Zyxel has released security updates for a critical vulnerability affecting several of its access points and security routers that lets an unauthenticated attacker execute OS commands on the device. The flaw, tracked as CVE-2024-7261, is an OS command injection and carries a CVSS v3 score of 9.8 (critical). Zyxel also shipped security updates for multiple high-severity flaws in its ATP and USG FLEX firewalls. Detailed information is available in Zyxel's advisory.

For defenders, the router and access point bug is the priority: CVE-2024-7261 requires no credentials, so every affected device should be upgraded to the fixed firmware versions listed in Zyxel's advisory, and any management interface that is reachable from untrusted networks should be restricted until the upgrade is done. Among the firewall flaws, CVE-2024-42057 stands out because it is a command injection in the IPSec VPN feature of the ATP and USG FLEX firewalls. Review Zyxel's advisory for the affected firewall models and firmware versions and schedule those updates as well.
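The pattern behind this class of bug is worth seeing in code. The following is an added illustration, not Zyxel's code and not derived from the advisory: a hypothetical diagnostic CGI that takes a "host" parameter for a ping test (the endpoint, the parameter name and the ping wrapper are assumptions for illustration). The unsafe builder splices the parameter into a shell command line, which is exactly what turns a network-reachable form field into unauthenticated OS command execution; the hardened path validates the value against hostname syntax and then executes an argv vector with no shell in the loop.

```c
/* Added example (not Zyxel's code): OS command injection in a router CGI
 * handler and the hardened alternative. The "host" parameter and the
 * ping diagnostic are assumed for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

#define HOST_MAX 253   /* maximum hostname length */

/* VULNERABLE: the untrusted parameter is spliced into a shell command line.
 * A value such as "127.0.0.1;id" makes /bin/sh run "id" with the CGI's
 * privileges (on embedded routers typically root). The function returns the
 * command line that would be handed to system(), so the effect can be
 * inspected without executing it. */
int build_ping_cmd_unsafe(char *out, size_t outlen, const char *host) {
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* HARDENED, step 1: positive validation. Accepts only hostname / IPv4
 * literal syntax: labels of [A-Za-z0-9-] separated by single dots, no empty
 * labels, no leading or trailing hyphen, bounded length. Shell
 * metacharacters (; | & $ ` ( ) space ...) never pass. Returns 1 if valid. */
int is_valid_hostname(const char *host) {
    size_t len = strlen(host), label_len = 0;
    if (len == 0 || len > HOST_MAX) return 0;
    for (size_t i = 0; i < len; i++) {
        char c = host[i];
        if (c == '.') {
            /* empty label or label ending in '-' */
            if (label_len == 0 || host[i - 1] == '-') return 0;
            label_len = 0;
        } else if (isalnum((unsigned char)c) || c == '-') {
            if (c == '-' && label_len == 0) return 0; /* leading hyphen */
            if (++label_len > 63) return 0;           /* label too long */
        } else {
            return 0;                                 /* anything else */
        }
    }
    return label_len > 0 && host[len - 1] != '-';
}

/* HARDENED, step 2: build an argv vector instead of a command string, so the
 * parameter is a single argument and no shell ever parses it. Returns the
 * number of argv entries (excluding the NULL terminator), or -1 if the
 * value was rejected. */
int build_ping_argv(const char *host, const char *argv[5]) {
    if (!is_valid_hostname(host)) return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = host;
    argv[4] = NULL;
    return 4;
}

/* Execute an argv vector directly (fork + execvp), never via /bin/sh.
 * Returns the child's exit status, or -1 on failure. */
int run_argv(const char *argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127); /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The validation is deliberately an allow-list of what a hostname may contain rather than a deny-list of shell metacharacters; the argv-based execution is the second, independent layer, so that even a validation gap cannot turn into shell command execution. The same two layers apply to any firmware handler that passes a request parameter to a system utility.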