Zyxel security advisory for OS command injection vulnerability in APs and security router devices

Posted by Zyxel_May (Zyxel Employee), edited September 3 in Security Advisories

CVE: CVE-2024-7261

Summary

Zyxel has released patches addressing an operating system (OS) command injection vulnerability in some access point (AP) and security router versions. Users are advised to install the patches for optimal protection.

What is the vulnerability?

The improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.
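The vulnerability class described above is improper neutralization of special elements in an OS command (CWE-78): a request-supplied value such as a "host" parameter is placed into a command that a shell parses, so shell metacharacters in the value become command syntax. The following Python snippet is an added, generic illustration written for this advisory and is not Zyxel's CGI code. It contrasts the anti-pattern (string interpolation into a shell command) with the hardened form: an allowlist validator for the "host" value and an argv-list invocation that never passes the value through a shell. The function names and the sample values are constructed for the example.

```python
import ipaddress
import re
import subprocess
from typing import List

# RFC 1123 hostname syntax: dot-separated labels of letters, digits and hyphens,
# each label 1-63 characters, not starting or ending with a hyphen, 253 chars total.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


def is_valid_host(value: str) -> bool:
    """Allowlist check: accept only a syntactically valid IP literal or hostname.

    Anything else (spaces, ';', '|', '$', backticks, quotes, a leading '-') is
    rejected outright rather than escaped, which is the safer form of
    neutralization for a value that only ever needs to name a host.
    """
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6 literals
        return True
    except ValueError:
        pass
    return bool(_HOSTNAME_RE.match(value))


def unsafe_command_string(host: str) -> str:
    """Anti-pattern (never executed here): untrusted input interpolated into a
    string that a shell would parse. Every metacharacter in `host` becomes
    syntax, which is exactly the defect class the advisory describes."""
    return f"ping -c 1 {host}"


def build_ping_command(host: str) -> List[str]:
    """Hardened form: validate first, then build an argv list.

    With an argv list there is no shell in the path, so even if the validator
    were bypassed the value would only ever be one argument to ping.
    """
    if not is_valid_host(host):
        raise ValueError("host rejected by allowlist")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """Execute the hardened command without a shell and return its exit status."""
    return subprocess.run(build_ping_command(host), check=False).returncode


def classify_host_values(samples: List[str]) -> dict:
    """Helper for review: map each candidate value to accept/reject."""
    return {s: ("accept" if is_valid_host(s) else "reject") for s in samples}


if __name__ == "__main__":
    # Constructed sample values, including injection-shaped ones that must be rejected.
    for value, verdict in classify_host_values(
        ["example.com", "192.0.2.10", "2001:db8::1", "example.com; id", "$(id)", "-n"]
    ).items():
        print(f"{verdict:7} {value!r}")
```

Note that the validator rejects underscores and other characters that a few legacy hostnames use; widen the allowlist deliberately if the deployment needs them, rather than falling back to escaping.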

What versions are vulnerable—and what should you do?

After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.

| Product | Affected model | Affected version | Patch availability |
|---|---|---|---|
| AP | NWA50AX | 7.00(ABYW.1) and earlier | 7.00(ABYW.2) |
| AP | NWA50AX PRO | 7.00(ACGE.1) and earlier | 7.00(ACGE.2) |
| AP | NWA55AXE | 7.00(ABZL.1) and earlier | 7.00(ABZL.2) |
| AP | NWA90AX | 7.00(ACCV.1) and earlier | 7.00(ACCV.2) |
| AP | NWA90AX PRO | 7.00(ACGF.1) and earlier | 7.00(ACGF.2) |
| AP | NWA110AX | 7.00(ABTG.1) and earlier | 7.00(ABTG.2) |
| AP | NWA130BE | 7.00(ACIL.1) and earlier | 7.00(ACIL.2) |
| AP | NWA210AX | 7.00(ABTD.1) and earlier | 7.00(ABTD.2) |
| AP | NWA220AX-6E | 7.00(ACCO.1) and earlier | 7.00(ACCO.2) |
| AP | NWA1123-AC PRO | 6.28(ABHD.0) and earlier | 6.28(ABHD.3) |
| AP | NWA1123ACv3 | 6.70(ABVT.4) and earlier | 6.70(ABVT.5) |
| AP | WAC500 | 6.70(ABVS.4) and earlier | 6.70(ABVS.5) |
| AP | WAC500H | 6.70(ABWA.4) and earlier | 6.70(ABWA.5) |
| AP | WAC6103D-I | 6.28(AAXH.0) and earlier | 6.28(AAXH.3) |
| AP | WAC6502D-S | 6.28(AASE.0) and earlier | 6.28(AASE.3) |
| AP | WAC6503D-S | 6.28(AASF.0) and earlier | 6.28(AASF.3) |
| AP | WAC6552D-S | 6.28(ABIO.0) and earlier | 6.28(ABIO.3) |
| AP | WAC6553D-E | 6.28(AASG.2) and earlier | 6.28(AASG.3) |
| AP | WAX300H | 7.00(ACHF.1) and earlier | 7.00(ACHF.2) |
| AP | WAX510D | 7.00(ABTF.1) and earlier | 7.00(ABTF.2) |
| AP | WAX610D | 7.00(ABTE.1) and earlier | 7.00(ABTE.2) |
| AP | WAX620D-6E | 7.00(ACCN.1) and earlier | 7.00(ACCN.2) |
| AP | WAX630S | 7.00(ABZD.1) and earlier | 7.00(ABZD.2) |
| AP | WAX640S-6E | 7.00(ACCM.1) and earlier | 7.00(ACCM.2) |
| AP | WAX650S | 7.00(ABRM.1) and earlier | 7.00(ABRM.2) |
| AP | WAX655E | 7.00(ACDO.1) and earlier | 7.00(ACDO.2) |
| AP | WBE530 | 7.00(ACLE.1) and earlier | 7.00(ACLE.2) |
| AP | WBE660S | 7.00(ACGG.1) and earlier | 7.00(ACGG.2) |
| Security router | USG LITE 60AX | V2.00(ACIP.2) | V2.00(ACIP.3)* |

*Updated by cloud
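To turn the table above into a check that can be run against a device inventory, the following Python script (an added example, not a Zyxel tool) parses the firmware version format the advisory uses, such as "7.00(ABYW.1)" or "V2.00(ACIP.3)", and classifies an installed version per model. The ordering used for "and earlier" is release number first (7.00 after 6.70 after 6.28), then the patch level after the build code; the four-letter build code is model-specific and is not compared. The table data is copied from the advisory; the inventory rows in the demo are constructed. A version that falls between the highest listed affected version and the patched version (for example 6.28(ABHD.1) on an NWA1123-AC PRO, which the table does not mention) is reported as "unknown" rather than guessed either way.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Advisory version format, e.g. "7.00(ABYW.1)", "V2.00(ACIP.3)" (a trailing "*" is tolerated).
_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)\*?$")


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    code: str   # model-specific build code such as "ABYW"; informational only
    patch: int

    @property
    def key(self) -> Tuple[int, int, int]:
        # Ordering used for "and earlier": release number, then patch level.
        return (self.major, self.minor, self.patch)


def parse_version(text: str) -> FirmwareVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return FirmwareVersion(int(m[1]), int(m[2]), m[3], int(m[4]))


# (highest affected version, patched version) per model, as listed in the advisory table.
ADVISORY: Dict[str, Tuple[str, str]] = {
    "NWA50AX": ("7.00(ABYW.1)", "7.00(ABYW.2)"),
    "NWA50AX PRO": ("7.00(ACGE.1)", "7.00(ACGE.2)"),
    "NWA55AXE": ("7.00(ABZL.1)", "7.00(ABZL.2)"),
    "NWA90AX": ("7.00(ACCV.1)", "7.00(ACCV.2)"),
    "NWA90AX PRO": ("7.00(ACGF.1)", "7.00(ACGF.2)"),
    "NWA110AX": ("7.00(ABTG.1)", "7.00(ABTG.2)"),
    "NWA130BE": ("7.00(ACIL.1)", "7.00(ACIL.2)"),
    "NWA210AX": ("7.00(ABTD.1)", "7.00(ABTD.2)"),
    "NWA220AX-6E": ("7.00(ACCO.1)", "7.00(ACCO.2)"),
    "NWA1123-AC PRO": ("6.28(ABHD.0)", "6.28(ABHD.3)"),
    "NWA1123ACv3": ("6.70(ABVT.4)", "6.70(ABVT.5)"),
    "WAC500": ("6.70(ABVS.4)", "6.70(ABVS.5)"),
    "WAC500H": ("6.70(ABWA.4)", "6.70(ABWA.5)"),
    "WAC6103D-I": ("6.28(AAXH.0)", "6.28(AAXH.3)"),
    "WAC6502D-S": ("6.28(AASE.0)", "6.28(AASE.3)"),
    "WAC6503D-S": ("6.28(AASF.0)", "6.28(AASF.3)"),
    "WAC6552D-S": ("6.28(ABIO.0)", "6.28(ABIO.3)"),
    "WAC6553D-E": ("6.28(AASG.2)", "6.28(AASG.3)"),
    "WAX300H": ("7.00(ACHF.1)", "7.00(ACHF.2)"),
    "WAX510D": ("7.00(ABTF.1)", "7.00(ABTF.2)"),
    "WAX610D": ("7.00(ABTE.1)", "7.00(ABTE.2)"),
    "WAX620D-6E": ("7.00(ACCN.1)", "7.00(ACCN.2)"),
    "WAX630S": ("7.00(ABZD.1)", "7.00(ABZD.2)"),
    "WAX640S-6E": ("7.00(ACCM.1)", "7.00(ACCM.2)"),
    "WAX650S": ("7.00(ABRM.1)", "7.00(ABRM.2)"),
    "WAX655E": ("7.00(ACDO.1)", "7.00(ACDO.2)"),
    "WBE530": ("7.00(ACLE.1)", "7.00(ACLE.2)"),
    "WBE660S": ("7.00(ACGG.1)", "7.00(ACGG.2)"),
    "USG LITE 60AX": ("V2.00(ACIP.2)", "V2.00(ACIP.3)"),  # patch delivered by cloud update
}
_BY_MODEL = {name.upper(): versions for name, versions in ADVISORY.items()}


def assess(model: str, installed: str) -> str:
    """Classify one device: 'vulnerable', 'patched', 'unknown' or 'not-listed'."""
    entry = _BY_MODEL.get(model.strip().upper())
    if entry is None:
        return "not-listed"       # model not in the advisory's support-period table
    affected_max, patched = (parse_version(v) for v in entry)
    have = parse_version(installed)
    if have.key <= affected_max.key:
        return "vulnerable"
    if have.key >= patched.key:
        return "patched"
    return "unknown"              # between the two listed versions; not covered by the table


def scan_inventory(rows: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Apply assess() to (model, installed_version) rows."""
    return [(model, version, assess(model, version)) for model, version in rows]


if __name__ == "__main__":
    # Constructed inventory rows for demonstration.
    sample = [("NWA50AX", "7.00(ABYW.1)"), ("WAX650S", "7.00(ABRM.2)"),
              ("NWA1123-AC PRO", "6.28(ABHD.1)"), ("USG LITE 60AX", "V2.00(ACIP.3)")]
    for model, version, status in scan_inventory(sample):
        print(f"{status:10} {model:16} {version}")
```

Feed it the model and firmware string as reported by each device's management interface or NCC inventory export; any "unknown" result is worth resolving with Zyxel support before treating the device as patched.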

Got a question?

Please contact your local service rep or visit Zyxel’s community for further information or assistance.

Acknowledgment

Thanks to Chengchao Ai from the ROIS team of Fuzhou University for reporting the issue to us.

Revision history

2024-9-3: Initial release.