
Business routers vulnerable to OS command injection attack



Multiple business router models built by the Taiwanese networking giant Zyxel carried a critical vulnerability that allowed malicious actors to run any command remotely. The manufacturer recently released a fix that addresses the flaw, so installing it straight away is highly recommended.

As the company explained in an advisory, the vulnerability is an “input validation fault caused by improper handling of user-supplied data.” In other words, the underlying OS does not validate the data a user inputs, potentially allowing crooks to carry out OS command injection. The bug is tracked as CVE-2024-7261 and carries a severity score of 9.8/10 – critical.


