Corporate routers vulnerable to OS command injection attack
Several business router models built by Taiwanese networking giant Zyxel had a critical vulnerability that could allow attackers to remotely execute any command. The manufacturer recently released a fix that addresses the flaw, so it is highly recommended to install it right away.
As the company explained in an advisory, the vulnerability is described as an “input validation error caused by improper handling of user-supplied data.” In other words, the underlying operating system fails to validate the data a user inputs, potentially allowing criminals to perform OS command injection. The bug is tracked as CVE-2024-7261 and has a severity score of 9.8/10 – critical.
“The improper neutralization of special elements in the ‘host’ parameter in the CGI program of some AP and security router versions may allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device,” Zyxel said in the advisory.
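To make "improper neutralization of special elements" concrete, here is an added illustration of the defensive pattern. It is not Zyxel's code and is not taken from the advisory. It assumes a hypothetical handler that passes a client-supplied host value to a diagnostic command (`ping` is a stand-in); the function names and sample values are constructed.

```python
import ipaddress
import re

# Allowlist of characters that can appear in a hostname or IP literal.
# Checked first so that nothing else (spaces, quotes, ';', '$', '%', ...)
# ever reaches the parsers below.
_ALLOWED_CHARS = re.compile(r"[A-Za-z0-9.:-]+")
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_host(value: str) -> bool:
    """Accept only an IPv4/IPv6 literal or an RFC 1123 style hostname."""
    if not value or len(value) > 253:
        return False
    if not _ALLOWED_CHARS.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    labels = value.rstrip(".").split(".")
    return all(_LABEL.fullmatch(label) for label in labels)


def build_argv(host: str) -> list[str]:
    """Build an argument vector for exec-style invocation (no shell involved).

    Hypothetical command: 'ping' stands in for whatever the handler runs.
    The '--' marker stops option parsing, so the value cannot act as a flag.
    """
    if not is_valid_host(host):
        raise ValueError("host value rejected by allowlist")
    return ["ping", "-c", "1", "--", host]


# Constructed sample values: three well-formed, four that must be rejected.
SAMPLES = ["ap-controller.example.net", "192.0.2.10", "2001:db8::1",
           "example.net; echo x", "$(id)", "-c", "fe80::1%eth0"]


def check_samples() -> dict[str, bool]:
    """Map each constructed sample to whether the allowlist accepts it."""
    return {s: is_valid_host(s) for s in SAMPLES}
```

The vector returned by `build_argv` is meant to be handed to an exec-style API such as `subprocess.run(argv)` without `shell=True`, so the value is never interpreted by a shell even if validation were to miss something.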
Numerous devices affected
Multiple Zyxel access points (AP) are vulnerable to the bug. The full list is below:
- NWA Series: NWA50AX, NWA50AX PRO, NWA55AXE, NWA90AX, NWA90AX PRO, NWA110AX, NWA130BE, NWA210AX, NWA220AX-6E (all versions up to 7.00)
- NWA1123-AC PRO (all versions up to 6.28)
- NWA1123ACv3, WAC500, WAC500H (all versions up to 6.70)
- WAC Series: WAC6103D-I, WAC6502D-S, WAC6503D-S, WAC6552D-S, WAC6553D-E (all versions up to 6.28)
- WAX Series: WAX300H, WAX510D, WAX610D, WAX620D-6E, WAX630S, WAX640S-6E, WAX650S, WAX655E (all versions up to 7.00)
- WBE Series: WBE530, WBE660S (all versions up to and including 7.00)
Security router USG LITE 60AX with version 2.00 (ACIP.2) is also vulnerable, but this device is automatically patched, so users should be safe. If you use this model, at least make sure it is running version V2.00 (ACIP.3).
Zyxel is a popular manufacturer of networking devices, with its routers, switches and wireless access points used by thousands of organizations worldwide. As such, it is a popular target for cybercriminals, who are always on the hunt for a new vulnerability to exploit. Zyxel customers are advised to apply the patch as soon as possible to secure their premises.
Via BleepingComputer