Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Sonicwall Netextender Trojan and Connectwise Explois

June 25, 2025

North Korea related to supply networks is focused on developers with 35 malicious NPM packages

June 25, 2025

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Zyxel fixes a critical bug in the implementation of OS commands in access points and routers
Global Security

Zyxel fixes a critical bug in the implementation of OS commands in access points and routers

AdminBy AdminSeptember 4, 2024No Comments3 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


September 4, 2024Ravi LakshmananVulnerability / Network Security

Zyxel has released software updates to address a critical security flaw affecting certain versions of access points (APs) and security routers that could lead to the execution of unauthorized commands.

Tracked as CVE-2024-7261 (CVSS Score: 9.8), the vulnerability was described as an operating system (OS) command injection case.

“Improper neutralization of special elements in the ‘host’ parameters in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device,” Zyxel said. said in the consulting room.

Cyber ​​security

Chengchao Ai of Fuzhou University’s ROIS team is credited with discovering and reporting the flaw.

Zyxel has it too sent updates for seven vulnerabilities in routers and firewalls, including several with high severity that could lead to OS command execution, denial of service (DoS), or browser-based information access –

  • CVE-2024-5412 (CVSS Score: 7.5) – Buffer overflow vulnerability in the “libclinkc” library, which could allow an unauthenticated attacker to cause DoS conditions via a specially crafted HTTP request
  • CVE-2024-6343 (CVSS Score: 4.9) – Buffer overflow vulnerability that could allow an authenticated attacker with administrative privileges to cause DoS conditions via a specially crafted HTTP request
  • CVE-2024-7203 (CVSS Score: 7.2) – Post-authentication command injection vulnerability that could allow an authenticated attacker with administrative privileges to execute OS commands
  • CVE-2024-42057 (CVSS Score: 8.1) – Command injection vulnerability in the IPSec VPN function, which could allow an unauthenticated attacker to execute certain OS commands
  • CVE-2024-42058 (CVSS Score: 7.5) – Null pointer dereferencing vulnerability that could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets
  • CVE-2024-42059 (CVSS Score: 7.2) – Post-authentication command injection vulnerability that could allow an authenticated attacker with administrative privileges to execute certain OS commands by uploading a crafted compressed language file via FTP
  • CVE-2024-42060 (CVSS Score: 7.2) – A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrative privileges to execute certain OS commands
  • CVE-2024-42061 (CVSS Score: 6.1) – A demonstrated cross-site scripting (XSS) vulnerability in the CGI program “dynamic_script.cgi” could allow an attacker to trick a user into visiting a crafted URL with an XSS payload and obtain browser-based information

The development comes as D-Link said four security vulnerabilities affecting its DIR-846 router, including two critical remote command execution vulnerabilities (CVE-2024-44342, CVSS score: 9.8), will not be patched due to the products reaching status in February 2020 end of life (EoL). , urging customers to replace them with supported versions.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Sonicwall Netextender Trojan and Connectwise Explois

June 25, 2025

North Korea related to supply networks is focused on developers with 35 malicious NPM packages

June 25, 2025

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025

Researchers find a way to close Cryptominer companies using bad stocks and Xmrogue

June 24, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Sonicwall Netextender Trojan and Connectwise Explois

June 25, 2025

North Korea related to supply networks is focused on developers with 35 malicious NPM packages

June 25, 2025

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025

Researchers find a way to close Cryptominer companies using bad stocks and Xmrogue

June 24, 2025

APT28 uses signal chat to expand malicious Beardhell ​​and Testament software in Ukraine

June 24, 2025

Talk CTEM we all need

June 24, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Sonicwall Netextender Trojan and Connectwise Explois

June 25, 2025

North Korea related to supply networks is focused on developers with 35 malicious NPM packages

June 25, 2025

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.