Zyxel Vulnerabilities - Critical Command Injection

In a critical development for network security, Zyxel has recently issued a major security alert regarding a vulnerability in several of its business routers. This flaw, tagged as CVE-2024-7261, has the potential to allow attackers to take control of affected devices, posing a serious threat to businesses that rely on these routers for secure network operations.

This vulnerability, which scores a near-maximum 9.8 on the CVSSv3 scale, is the result of a significant oversight in input validation. Specifically, the flaw allows remote attackers to execute unauthorised commands on the device’s operating system by exploiting how the routers process user-supplied data. Zyxel warns that an attacker could exploit this vulnerability simply by sending a specially crafted cookie to the device, bypassing the need for authentication, and potentially gaining control over the network.

Among the impacted devices are several popular models within the Zyxel NWA, WAC, and WAX series.

These include:

NWA Series: NWA50AX, NWA90AX, NWA110AX, and others (vulnerable up to version 7.00)        

WAC Series: WAC6103D-I, WAC6503D-S, and others (vulnerable up to version 6.28)        

WAX Series: WAX510D, WAX620D-6E, and others (vulnerable up to version 7.00)        

Zyxel has acted swiftly, providing firmware updates that mitigate the risk posed by CVE-2024-7261. If your network relies on any of the affected devices, it’s important to update to the latest firmware immediately to safeguard against this threat.

Other recent Zyxel vulnerabilities

This isn't the only security concern Zyxel has addressed recently. The company has also released patches for several other high-severity vulnerabilities in its APT and USG FLEX firewalls. Among these, CVE-2024-42057 stands out as particularly dangerous. With a CVSS score of 8.1, the flaw allows attackers to exploit the IPSec VPN feature remotely without authentication, though it requires a specific configuration to be vulnerable. If your firewall uses User-Based-PSK authentication mode with usernames longer than 28 characters, it's important to apply the latest security patches.

Protecting your network

Given the severity of these vulnerabilities, it's key to take proactive steps to protect your devices.

Here are some measures you can implement:

1.?Update Firmware: Ensure that your Zyxel routers and firewalls are running the latest firmware versions. This is the most effective way to protect against known vulnerabilities.

2. Regularly Check for Updates: Make it a habit to check for firmware updates regularly, as new vulnerabilities can be discovered and patched at any time.

3. Strengthen Device Configuration: If possible, avoid using default configurations. Implement strong, unique passwords, and disable any unnecessary services or features.

4. Monitor Network Traffic: Keep an eye on your network for any unusual activity that could indicate a potential breach.

By staying informed and proactive, you can help protect your network from potential cyber threats. For expert assistance in updating your devices or implementing robust security measures, don't hesitate to reach out to us at Defense.com.

For the latest information on these vulnerabilities, we recommend visiting Zyxel's official security advisory page.

Bradleigh Bishop | SOC Team Lead