CVE-2024-7261

EUVD-2024-48208

03.09.2024, 03:15

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4)

and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1)

and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Zyxel	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
zyxel	nwa110ax_firmware	𝑥 < 7.00\(abtg.2\)
zyxel	nwa1123-ac_pro_firmware	𝑥 < 6.28\(abhd.3\)
zyxel	nwa1123acv3_firmware	𝑥 < 6.70\(abvt.5\)
zyxel	nwa130be_firmware	𝑥 < 7.00\(acil.2\)
zyxel	nwa210ax_firmware	𝑥 < 7.00\(abtd.2\)
zyxel	nwa220ax-6e_firmware	𝑥 < 7.00\(acco.2\)
zyxel	nwa50ax_firmware	𝑥 < 7.00\(abyw.2\)
zyxel	nwa50ax_pro_firmware	𝑥 < 7.00\(acge.2\)
zyxel	nwa55axe_firmware	𝑥 < 7.00\(abzl.2\)
zyxel	nwa90ax_firmware	𝑥 < 7.00\(accv.2\)
zyxel	nwa90ax_pro_firmware	𝑥 < 7.00\(acgf.2\)
zyxel	wac500_firmware	𝑥 < 6.70\(abvs.5\)
zyxel	wac500h_firmware	𝑥 < 6.70\(abwa.5\)
zyxel	wac6103d-i_firmware	𝑥 < 6.28\(aaxh.3\)
zyxel	wac6502d-s_firmware	𝑥 < 6.28\(aase.3\)
zyxel	wac6503d-s_firmware	𝑥 < 6.28\(aasf.3\)
zyxel	wac6552d-s_firmware	𝑥 < 6.28\(abio.3\)
zyxel	wac6553d-e_firmware	𝑥 < 6.28\(aasg.3\)
zyxel	wax300h_firmware	𝑥 < 7.00\(achf.2\)
zyxel	wax510d_firmware	𝑥 < 7.00\(abtf.2\)
zyxel	wax610d_firmware	𝑥 < 7.00\(abte.2\)
zyxel	wax620d-6e_firmware	𝑥 < 7.00\(accn.2\)
zyxel	wax630s_firmware	𝑥 < 7.00\(abzd.2\)
zyxel	wax640s-6e_firmware	𝑥 < 7.00\(accm.2\)
zyxel	wax650s_firmware	𝑥 < 7.00\(abrm.2\)
zyxel	wax655e_firmware	𝑥 < 7.00\(acdo.2\)
zyxel	wbe530_firmware	𝑥 < 7.00\(acle.2\)
zyxel	wbe660s_firmware	𝑥 < 7.00\(acgg.2\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024