September 4, 2024 at 08:36AM
Zyxel has released patches addressing critical vulnerabilities in their networking devices. The patches cover multiple access point and security router models, as well as firewall series devices. The vulnerabilities could allow remote attackers to execute arbitrary commands or cause a denial-of-service condition. Zyxel advises affected product owners to obtain the updates from their support team.
Based on the meeting notes, the important takeaways are:
– Zyxel has released patches for multiple vulnerabilities in its networking devices, including critical-severity flaws affecting access points, security routers, and firewall series devices.
– The critical bug, tracked as CVE-2024-7261 with a CVSS score of 9.8, is an OS command injection issue that could be exploited by remote, unauthenticated attackers via crafted cookies.
– Fixes have also been announced for high-severity vulnerabilities in firewall series devices, allowing attackers to execute arbitrary commands and cause denial-of-service (DoS) conditions.
– Authentication is required for some of the vulnerabilities, but not for others, and patches are available for some affected models, while owners of other products need to contact Zyxel support for updates.
– Zyxel has identified at least 50 products affected by a high-severity buffer overflow vulnerability (CVE-2024-5412) and owners of the remaining products need to contact Zyxel support for updates.
No information has been mentioned about these vulnerabilities being exploited in the wild. More details can be found on Zyxel’s security advisories page.