Zyxel: Attackers can gain control over access points and routers

A security update closes a critical vulnerability in Zyxel access point models, among others.


If attacks are successful, attackers can execute their own commands on certain access points and a Zyxel security router. Secure firmware versions are available for download.

According to a warning message, the USG LITE 60AX security router and several access points such as NWA50AX, WAC500H and WBE660S are affected. The vulnerability (CVE-2024-7261) is classified as "critical". Due to the classification of the vulnerability, it can be assumed that attackers can completely compromise devices after a successful attack.

Because certain elements in the "host" parameter of the CGI program are not sufficiently checked, attackers can use crafted cookies to exploit the vulnerability without authentication.
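The weakness described above is a value that reaches a command without being checked strictly enough. As an added example (not Zyxel's code, which the article does not show), this is an allowlist check a CGI handler could apply to a host value before using it; the function name and the hostname-or-IPv4-only policy are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASCII-only test, independent of the process locale. */
static int is_ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
           (c >= 'a' && c <= 'z');
}

/* Hypothetical validator (name and policy are assumptions).
 * Accepts only an RFC 1123 style hostname or dotted IPv4 literal:
 * labels of 1..63 characters from [A-Za-z0-9-], never starting or
 * ending with '-', separated by single dots, 1..253 bytes in total.
 * Anything else (shell metacharacters, whitespace, control bytes,
 * a leading '-' that a tool could read as an option) is rejected. */
int host_value_is_safe(const char *s)
{
    size_t total, label_len = 0;
    const char *p;

    if (s == NULL)
        return 0;
    total = strlen(s);
    if (total == 0 || total > 253)
        return 0;
    for (p = s; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '.') {
            if (label_len == 0 || p[-1] == '-')
                return 0;               /* empty label or "foo-." */
            label_len = 0;
        } else if (is_ascii_alnum(c) || c == '-') {
            if (c == '-' && label_len == 0)
                return 0;               /* label starts with '-' */
            if (++label_len > 63)
                return 0;
        } else {
            return 0;                   /* byte outside the allowlist */
        }
    }
    return label_len > 0 && p[-1] != '-';
}

int main(void)
{
    /* Constructed sample values, not taken from any real request. */
    const char *samples[] = { "192.168.1.1", "ap-01.example.net", "a;b", "$(x)" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %d\n", samples[i], host_value_is_safe(samples[i]));
    return 0;
}
```

Validation of this kind complements, and does not replace, passing the value to the program as a separate argument instead of through a shell.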

The warning message states which firmware admins need to install to secure devices. Zyxel developers recently closed several security gaps in various firewall models.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.