Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Zyxel fixes a critical bug in the implementation of OS commands in access points and routers
Global Security

Zyxel fixes a critical bug in the implementation of OS commands in access points and routers

AdminBy AdminSeptember 4, 2024No Comments3 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


September 4, 2024Ravi LakshmananVulnerability / Network Security

Zyxel has released software updates to address a critical security flaw affecting certain versions of access points (APs) and security routers that could lead to the execution of unauthorized commands.

Tracked as CVE-2024-7261 (CVSS Score: 9.8), the vulnerability was described as an operating system (OS) command injection case.

“Improper neutralization of special elements in the ‘host’ parameters in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device,” Zyxel said. said in the consulting room.

Cyber ​​security

Chengchao Ai of Fuzhou University’s ROIS team is credited with discovering and reporting the flaw.

Zyxel has it too sent updates for seven vulnerabilities in routers and firewalls, including several with high severity that could lead to OS command execution, denial of service (DoS), or browser-based information access –

  • CVE-2024-5412 (CVSS Score: 7.5) – Buffer overflow vulnerability in the “libclinkc” library, which could allow an unauthenticated attacker to cause DoS conditions via a specially crafted HTTP request
  • CVE-2024-6343 (CVSS Score: 4.9) – Buffer overflow vulnerability that could allow an authenticated attacker with administrative privileges to cause DoS conditions via a specially crafted HTTP request
  • CVE-2024-7203 (CVSS Score: 7.2) – Post-authentication command injection vulnerability that could allow an authenticated attacker with administrative privileges to execute OS commands
  • CVE-2024-42057 (CVSS Score: 8.1) – Command injection vulnerability in the IPSec VPN function, which could allow an unauthenticated attacker to execute certain OS commands
  • CVE-2024-42058 (CVSS Score: 7.5) – Null pointer dereferencing vulnerability that could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets
  • CVE-2024-42059 (CVSS Score: 7.2) – Post-authentication command injection vulnerability that could allow an authenticated attacker with administrative privileges to execute certain OS commands by uploading a crafted compressed language file via FTP
  • CVE-2024-42060 (CVSS Score: 7.2) – A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrative privileges to execute certain OS commands
  • CVE-2024-42061 (CVSS Score: 6.1) – A demonstrated cross-site scripting (XSS) vulnerability in the CGI program “dynamic_script.cgi” could allow an attacker to trick a user into visiting a crafted URL with an XSS payload and obtain browser-based information

The development comes as D-Link said four security vulnerabilities affecting its DIR-846 router, including two critical remote command execution vulnerabilities (CVE-2024-44342, CVSS score: 9.8), will not be patched due to the products reaching status in February 2020 end of life (EoL). , urging customers to replace them with supported versions.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

June 3, 2025

Understanding the scammers and how to defend their organization

June 3, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.