Is CVE-2024-7261 actively exploited?

CVE-2024-7261 has no public evidence of in-the-wild exploitation as of 2024-09-13.

What is the CVSS score for CVE-2024-7261?

CVE-2024-7261 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-7261?

Patch guidance is available from zyxel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-7261.

Fix CVE-2024-7261 - CRITICAL zyxel nwa110ax firmware

Q: Which products are affected by CVE-2024-7261?

29 products: zyxel nwa110ax firmware, zyxel nwa1123-ac pro firmware, zyxel nwa1123acv3 firmware, zyxel nwa130be firmware, zyxel nwa210ax firmware, and 24 more.

Description

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-78 · OS Command Injection

Metadata

Primary Vendor: ZYXEL
Published: 9/3/2024
Last Modified: 9/13/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zyxel : nwa110ax_firmwarezyxel : nwa1123-ac_pro_firmwarezyxel : nwa1123acv3_firmwarezyxel : nwa130be_firmwarezyxel : nwa210ax_firmwarezyxel : nwa220ax-6e_firmwarezyxel : nwa50ax_firmwarezyxel : nwa50ax_pro_firmwarezyxel : nwa55axe_firmwarezyxel : nwa90ax_firmwarezyxel : nwa90ax_pro_firmwarezyxel : usg_lite_60ax_firmwarezyxel : wac500_firmwarezyxel : wac500h_firmwarezyxel : wac6103d-i_firmwarezyxel : wac6502d-s_firmwarezyxel : wac6503d-s_firmwarezyxel : wac6552d-s_firmwarezyxel : wac6553d-e_firmwarezyxel : wax300h_firmwarezyxel : wax510d_firmwarezyxel : wax610d_firmwarezyxel : wax620d-6e_firmwarezyxel : wax630s_firmwarezyxel : wax640s-6e_firmwarezyxel : wax650s_firmwarezyxel : wax655e_firmwarezyxel : wbe530_firmwarezyxel : wbe660s_firmware

Remediation Guidance

Executive Summary

View on NIST NVD