September 3, 2024 at 03:59PM Zyxel released security updates for a critical vulnerability affecting various business routers, allowing unauthenticated attackers to execute OS commands. The flaw, tracked as CVE-2024-7261, has a CVSS v3 score of 9.8. Additionally, multiple high-severity flaws in APT and USG FLEX firewalls were addressed through security updates. Detailed information is available … Read more
June 5, 2024 at 01:38PM Zyxel released security patches for its obsolete NAS326 and NAS542 devices after critical vulnerabilities were reported by an intern at a security vendor. The vulnerabilities, including a backdoor account and code injection flaws, could lead to remote code execution and other issues. Patches are available despite the devices reaching end-of-life … Read more
December 1, 2023 at 01:54AM Zyxel released patches for 15 security issues affecting NAS, firewall, and AP devices. This includes three critical vulnerabilities that could allow unauthenticated command execution. High-severity flaws enabling system information access and arbitrary command execution were also patched. Users are urged to update their devices to prevent exploitation. Meeting Takeaways: 1. … Read more
November 30, 2023 at 10:17AM Zyxel has patched critical security vulnerabilities in its NAS devices that risked unauthorized command execution and data compromise. Users of NAS326 and NAS542 models must update their firmware to versions V5.21(AAZF.15)C0 and V5.21(ABAG.12)C0 or later, respectively, as there are no alternative mitigations. **Takeaways from Meeting Notes:** 1. **Issue Identification:** Zyxel … Read more