Multiple business router models, built by the Taiwanese networking giant Zyxel, carried a critical vulnerability which allowed malicious actors to run any command, remotely. The manufacturer recently released a fix which addresses the flaw, so installing it straight away is highly recommended.
As the company explained in an advisory, the vulnerability is described as an “input validation fault caused by improper handling of user-supplied data.” In other words, the underlying OS does not validate the data a user inputs, potentially allowing crooks to run OS command injection. The bug is tracked as CVE-2024-7261, and carries a severity score of 9.8/10 - critical.
"The improper neutralization of special elements in the parameter "host" in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device," Zyxel said in the advisory.
Numerous devices affected
Multiple Zyxel access points (AP) are vulnerable to the flaw. The full list is below:
- NWA Series: NWA50AX, NWA50AX PRO, NWA55AXE, NWA90AX, NWA90AX PRO, NWA110AX, NWA130BE, NWA210AX, NWA220AX-6E | all versions up to 7.00
- NWA1123-AC PRO (all versions up to 6.28)
- NWA1123ACv3, WAC500, WAC500H (all versions up to 6.70)
- WAC Series: WAC6103D-I, WAC6502D-S, WAC6503D-S, WAC6552D-S, WAC6553D-E (all versions up to 6.28)
- WAX Series: WAX300H, WAX510D, WAX610D, WAX620D-6E, WAX630S, WAX640S-6E, WAX650S, WAX655E (all versions up to 7.00)
- WBE Series: WBE530, WBE660S (all versions up to 7.00).
Security router USG LITE 60AX running V2.00(ACIP.2) is also vulnerable, but this device is automatically patched, so users should be safe. In any case, if you’re using this model make sure it’s running version V2.00(ACIP.3).
Zyxel is a popular manufacturer of networking devices, with its routers, switches, and wireless access points being used by thousands of organizations worldwide. As such, it is a popular target among cybercriminals, who are always on the hunt for a new vulnerability to exploit. Zyxel customers are advised to apply the patch as soon as possible and thus secure their premises.
Via BleepingComputer
More from TechRadar Pro
- Thousands of D-Link NAS devices have serious backdoor security issues
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now