Zyxel warns of critical OS command injection flaw in routers

September 3, 2024 at 03:59PM Zyxel released security updates for a critical vulnerability affecting various business routers, allowing unauthenticated attackers to execute OS commands. The flaw, tracked as CVE-2024-7261, has a CVSS v3 score of 9.8. Additionally, multiple high-severity flaws in ATP and USG FLEX firewalls were addressed through security updates. Detailed information is available …

Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes

June 5, 2024 at 01:38PM Zyxel released security patches for its obsolete NAS326 and NAS542 devices after critical vulnerabilities were reported by an intern at a security vendor. The vulnerabilities, including a backdoor account and code injection flaws, could lead to remote code execution and other issues. Patches are available despite the devices reaching end-of-life …

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

December 1, 2023 at 01:54AM Zyxel released patches for 15 security issues affecting NAS, firewall, and AP devices. This includes three critical vulnerabilities that could allow unauthenticated command execution. High-severity flaws enabling system information access and arbitrary command execution were also patched. Users are urged to update their devices to prevent exploitation. Meeting Takeaways: 1. …

Zyxel warns of multiple critical vulnerabilities in NAS devices

November 30, 2023 at 10:17AM Zyxel has patched critical security vulnerabilities in its NAS devices that risked unauthorized command execution and data compromise. Users of NAS326 and NAS542 models must update their firmware to versions V5.21(AAZF.15)C0 and V5.21(ABAG.12)C0 or later, respectively, as there are no alternative mitigations. **Takeaways from Meeting Notes:** 1. **Issue Identification:** Zyxel …