Zyxel warns of critical OS command injection flaw in routers

September 3, 2024 at 03:59PM Zyxel released security updates for a critical vulnerability affecting various business routers, allowing unauthenticated attackers to execute OS commands. The flaw, tracked as CVE-2024-7261, has a CVSS v3 score of 9.8. Additionally, multiple high-severity flaws in APT and USG FLEX firewalls were addressed through security updates. Detailed information is available … Read more

ASUS warns of critical remote authentication bypass on 7 routers

June 15, 2024 at 01:15PM ASUS has released a firmware update to address vulnerabilities impacting seven router models, allowing remote attackers to take control of the devices. Users are advised to update to the latest firmware versions and strengthen account and WiFi passwords. The update also addresses other vulnerabilities and includes an update for the … Read more

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

May 28, 2024 at 02:45AM A critical security flaw, CVE-2024-5035, with a 10.0 CVSS score, was discovered in TP-Link Archer C5400X router, allowing remote code execution. The flaw, patched in version 1_1.1.7, arises from a binary related to radio frequency testing, exposing a network listener. TP-Link’s fix blocks commands with special characters. Other undisclosed vulnerabilities … Read more

Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet 

December 13, 2023 at 12:24PM Malware hunters in the US have uncovered a resilient botnet built from outdated SOHO routers, serving as a covert data transfer network for Chinese government-backed hacker group Volt Typhoon. The botnet spans various sectors, including critical infrastructure organizations. Black Lotus Labs plans to release detailed technical analysis of the threat, … Read more