{"id":34922,"date":"2024-09-05T23:00:47","date_gmt":"2024-09-05T21:00:47","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=34922"},"modified":"2024-09-06T07:04:37","modified_gmt":"2024-09-06T05:04:37","slug":"zyxel-security-advisory-september-2024-vulnerabilities-in-routers","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/09\/05\/zyxel-security-advisory-september-2024-vulnerabilities-in-routers\/","title":{"rendered":"Zyxel Security Advisory September 2024 &#8211; Vulnerabilities in routers"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Security (Pexels, general use)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/09\/05\/zyxel-security-advisory-september-2024-schwachstellen-in-routern\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Zyxel has released security updates to close a critical vulnerability in several of its business routers. This vulnerability, rated with a CVSS v3 score of 9.8, may allow unauthenticated attackers to inject operating system commands. 
Updates are available to close the vulnerabilities.<\/p>\n<p>A Swiss blog reader pointed out to me (thanks for that) that Zyxel has published new security advisories in its global support center.<\/p>\n<ul>\n<li><a href=\"https:\/\/click.zyxel.com\/click\/d9wl-2ungdd-esb51e-cstt6pm2\/\" target=\"_blank\" rel=\"noopener\">Zyxel security advisory for OS command injection vulnerability in APs and security router devices<\/a><\/li>\n<li><a href=\"https:\/\/click.zyxel.com\/click\/d9wl-2ungdd-esb51f-cstt6pm3\/\" target=\"_blank\" rel=\"noopener\">Zyxel security advisory for multiple vulnerabilities in firewalls<\/a><\/li>\n<li><a href=\"https:\/\/click.zyxel.com\/click\/d9wl-2ungdd-esb51g-cstt6pm4\/\" target=\"_blank\" rel=\"noopener\">Zyxel security advisory for buffer overflow vulnerability in some 5G NR CPE, DSL\/Ethernet CPE, fiber ONT, WiFi extender, and security router devices<\/a><\/li>\n<\/ul>\n<p>Vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-7261\" target=\"_blank\" rel=\"noopener\">CVE-2024-7261<\/a> exists due to improper neutralization of special elements in the \"host\" parameter in the CGI program of some AP and security router versions. This could allow an unauthenticated attacker to execute operating system commands by sending a manipulated cookie to a vulnerable device.<\/p>\n<p>The vulnerability CVE-2024-7261 has been assigned a CVSS v3 score of 9.8 (\"critical\") and Zyxel has released firmware updates to close the vulnerabilities. Details on affected devices and the remaining vulnerabilities as well as a list of available patches can be found in the security advisories linked above. 
Bleeping Computer has an article about the vulnerability <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/zyxel-warns-of-critical-os-command-injection-flaw-in-routers\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Zyxel has released security updates to close a critical vulnerability in several of its business routers. This vulnerability, rated with a CVSS v3 score of 9.8, may allow unauthenticated attackers to inject operating system commands. Updates are available to close &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/09\/05\/zyxel-security-advisory-september-2024-vulnerabilities-in-routers\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-34922","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=34922"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34922\/revisions"}],"predecessor-version":[{"id":34923,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34922\/revisions\/34923"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=34922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"
https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=34922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=34922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}