Zyxel: Attackers can gain control of access points and routers

If attacks are successful, attackers can execute their own commands on certain access points and a Zyxel security router. Secured firmware versions are available for download.

Advertisement

Cookie gap

According to an alert, attackers can attack the USG LITE 60AX security router as well as several access points such as NWA50AX, WAC500H and WBE660S. The vulnerability (CVE-2024-7261) is classified as“criticalDue to the vulnerability's classification, it is expected that attackers can completely compromise devices after a successful attack.

Because certain elements in the “Host” parameter of the CGI program are not sufficiently checked, attackers can exploit the vulnerability without authentication by using crafted cookies.

The warning message states which firmware administrators must install to secure devices. The developers at Zyxel have recently closed several security holes in various firewall models.

(of)