CVE-2024-7261 — CRITICAL (9.8)

Q: How severe is CVE-2024-7261?

CVE-2024-7261 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-7261?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Nwa110Ax Firmware, Zyxel Nwa110Ax, Zyxel Nwa1123-Ac Pro Firmware, Zyxel Nwa1123-Ac Pro, Zyxel Nwa1123Acv3 Firmware.

Vulnerability Description

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Nwa110Ax Firmware	< 7.00\(abtg.2\)
Zyxel	Nwa110Ax	-
Zyxel	Nwa1123-Ac Pro Firmware	< 6.28\(abhd.3\)
Zyxel	Nwa1123-Ac Pro	-
Zyxel	Nwa1123Acv3 Firmware	< 6.70\(abvt.5\)
Zyxel	Nwa1123Acv3	-
Zyxel	Nwa130Be Firmware	< 7.00\(acil.2\)
Zyxel	Nwa130Be	-
Zyxel	Nwa210Ax Firmware	< 7.00\(abtd.2\)
Zyxel	Nwa210Ax	-
Zyxel	Nwa220Ax-6E Firmware	< 7.00\(acco.2\)
Zyxel	Nwa220Ax-6E	-
Zyxel	Nwa50Ax Firmware	< 7.00\(abyw.2\)
Zyxel	Nwa50Ax	-
Zyxel	Nwa50Ax Pro Firmware	< 7.00\(acge.2\)
Zyxel	Nwa50Ax Pro	-
Zyxel	Nwa55Axe Firmware	< 7.00\(abzl.2\)
Zyxel	Nwa55Axe	-
Zyxel	Nwa90Ax Firmware	< 7.00\(accv.2\)
Zyxel	Nwa90Ax	-

Related Weaknesses (CWE)

CWE-78

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory

FAQ

What is CVE-2024-7261?

CVE-2024-7261 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and ea...

How severe is CVE-2024-7261?

CVE-2024-7261 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-7261?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Nwa110Ax Firmware, Zyxel Nwa110Ax, Zyxel Nwa1123-Ac Pro Firmware, Zyxel Nwa1123-Ac Pro, Zyxel Nwa1123Acv3 Firmware.