aiwithwords logo

Zyxel Releases Patches for Serious Vulnerabilities in 50 Products

Meta Llama
Zyxel Releases Patches for Serious Vulnerabilities in 50 Products

Zyxel Releases Patches for Serious Vulnerabilities in 50 Products

Individuals or companies using Zyxel networking solutions are likely operating on faulty equipment, following the recent listing of nine serious security flaws in over 50 products, ranging from access points to firewalls. Zyxel issued patches for all the holes, but administrative intervention is required to update the firmware.

Zyxel listed nine security advisories affecting dozens of its products, with most carrying a ‘high’ severity ranking. The most critical vulnerability, CVE-2024-7261, has a critical rating and can permit hackers to take over the exploited device and use it as an entry point to the entire network.

Critical Vulnerability in Access Points and Security Routers

The CVE-2024-7261 can allow bad actors to send the compromised device a malicious cookie that can execute commands within the operating system. This flaw affects 29 Zyxel access points and security routers. A second vulnerability, CVE-2024-5412, affects 50 devices, including 5G NR CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security routers.

Buffer Overflow and Command Injection Vulnerabilities

A third security advisory contains seven vulnerabilities, all affecting Zyxel’s firewalls. These include:

  • CVE-2024-6343 – Buffer overflow. Rating: 4.9.
  • CVE-2024-7203 – Post-authentication command injection. Rating: 7.2.
  • CVE-2024-42057 – Command injection in the IPSec VPN feature. Rating: 8.1.
  • CVE-2024-42058 – Null pointer dereference vulnerability. Rating: 7.5.
  • CVE-2024-42059 – Post-authentication command injection. Rating: 7.2.
  • CVE-2024-42060 – Post-authentication command injection. Rating: 7.2.
  • CVE-2024-42061 – Reflected cross-site scripting vulnerability. Rating: 6.1.
  • Zyxel has patched all of these flaws. The advisory has links to most of the firmware updates, but some devices may require contacting your local Zyxel service representative for remediation.

    My Thoughts

    Zyxel Release Patches for Critical Vulnerabilities in 50 Products: What Does This Mean for Users?

    As I read through the recent security advisory from Zyxel, one thing becomes apparent: users of Zyxel networking solutions may be operating on faulty equipment. The company has listed nine serious security flaws in over 50 products, including access points, firewalls, and security routers. Although Zyxel has issued patches for these vulnerabilities, administrative intervention is required to update the firmware, leaving room for error.

    The Severity of the Vulnerabilities

    The most critical vulnerability, CVE-2024-7261, carries a rating of 9.8 out of 10. This flaw could allow hackers to take control of the exploited device and gain entry to the entire network. The vulnerability affects 29 Zyxel access points and security routers. Another vulnerability, CVE-2024-5412, affects 50 devices and has a rating of 7.5, which is still considered highly severe.

    What Should Users Do?

    It is crucial that users of Zyxel networking solutions take immediate action to update their firmware and patch these vulnerabilities. Failure to do so could leave their networks vulnerable to attacks.

    Some of the affected products include:

    • Access points
    • Firewalls
    • Security routers
    • 5G NR CPE
    • DSL/Ethernet CPE
    • Fiber ONT

      leave a reply

      Leave a Reply

      Your email address will not be published. Required fields are marked *