Critical OS Command Injection Flaw in Zyxel Routers Addressed
September 4, 2024
Zyxel, a major network hardware manufacturer, has released security patches for a critical vulnerability, tracked as CVE-2024-7261, that affects a range of its business-focused routers. The flaw is an OS command injection vulnerability caused by improper neutralization of special elements in the 'host' parameter of the CGI program in some AP and security router versions.
An unauthenticated attacker could exploit the flaw to execute operating system commands by sending a specially crafted cookie to a vulnerable device. The advisory states, “The improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.”
The vulnerability was discovered by Chengchao Ai from the ROIS team at Fuzhou University. Zyxel routers have been targeted by malicious actors before: in August 2023, a variant of the Gafgyt botnet actively attempted to exploit CVE-2017-18368, a vulnerability in the end-of-life Zyxel P660HN-T1A router.
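As an added illustration (not Zyxel's code and not taken from the advisory), the sketch below shows the defensive pattern for this class of bug: allowlist-validate a 'host' value, then hand it to a program as a separate argv element so that no shell ever parses it. The function names, the ping-style diagnostic and the sample values are assumptions; the page does not say what the CGI does with 'host', and the value is assumed to have already been extracted from the cookie.

```c
#include <stdio.h>
#include <string.h>

/* Allowlist: returns 1 only for a hostname or dotted IPv4 literal built from [A-Za-z0-9.-]. */
int host_is_safe(const char *s)
{
    size_t len = s ? strlen(s) : 0, label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        char c = s[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;  /* empty label, or label ending in '-' */
            label = 0;
        } else if (alnum || (c == '-' && label > 0)) {     /* a leading '-' would read as an option */
            if (++label > 63) return 0;
        } else {
            return 0;  /* shell metacharacters, whitespace, quotes, control bytes */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Hypothetical helper: fill argv for execv() of a ping-style diagnostic.
 * host stays one argv element; system()/popen() are never involved. */
int build_diag_argv(const char *host, const char *argv[5])
{
    if (!host_is_safe(host)) return -1;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "1"; argv[3] = host; argv[4] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample values, as they might arrive in a cookie. */
    const char *samples[] = { "192.0.2.10", "ap1.example.net", "-f", "192.0.2.10; id" };
    const char *argv[5];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n", samples[i],
               build_diag_argv(samples[i], argv) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Validation and shell-free execution are independent layers: either one alone blocks metacharacter injection, and the leading-hyphen check additionally prevents the value from being read as a command-line option.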