Wednesday , February 19 2025
Router

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions. This flaw could allow the execution of unauthorized commands.

The vulnerability known as CVE-2024-7261 (CVSS score: 9.8) involves an operating system (OS) command injection.

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
150 Gov.t Portal affected  Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
Builder claims Rs 150 cr for data loss;  AWS faces FIR In Bengaluru

CISA Warns Active Exploitation of Apple iOS Security Flaw

CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which...
Read More
CISA Warns Active Exploitation of Apple iOS Security Flaw

Massive IoT Data Breach Exposes 2.7 Billion Records

A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs....
Read More
Massive IoT Data Breach Exposes 2.7 Billion Records

SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

A serious authentication bypass vulnerability in SonicWall firewalls, called CVE-2024-53704, is currently being exploited, according to cybersecurity firms. The increase...
Read More
SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). If exploited, these could let...
Read More
AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

Lazarus Group Unleashes New Malware Against Developers Worldwide

Lazarus Group has initiated a complex global campaign aimed at software developers and cryptocurrency users. Operation Marstech Mayhem uses the...
Read More
Lazarus Group Unleashes New Malware Against Developers Worldwide

Daily Security Update Dated : 15.02.2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated : 15.02.2025

Salt Typhoon to target Bangladeshi Universities, One identified

RedMike (Salt Typhoon) targeted university devices in Bangladesh, likely to access research in telecommunications, engineering, and technology, especially from institutions...
Read More
Salt Typhoon to target Bangladeshi Universities, One identified

“The improper neutralization of special elements in the parameter ‘host’ in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device,” Zyxel said in an advisory.

Chengchao Ai from Fuzhou University’s ROIS team discovered and reported the flaw.

Zyxel has released updates for several vulnerabilities in its routers and firewalls. Some of these vulnerabilities are considered high severity and can lead to OS command execution, denial-of-service (DoS), or access browser-based information.on .

CVE-2024-5412 (CVSS score: 7.5) – A buffer overflow vulnerability in the “libclinkc” library allowing an attacker to cause DoS conditions via a specially crafted HTTP request

CVE-2024-6343 (CVSS score: 4.9) – “A buffer overflow vulnerability that could allow an attacker with administrator privileges to trigger DoS conditions by means of a specially crafted HTTP request”

CVE-2024-7203 (CVSS score: 7.2) – A vulnerability that allows an authenticated attacker with administrator privileges to execute OS commands

CVE-2024-42057 (CVSS score: 8.1) – A vulnerability in the IPSec VPN feature allowing an unauthenticated attacker to execute OS commands

CVE-2024-42058 (CVSS score: 7.5) – A vulnerability that could cause a denial-of-service (DoS) condition by sending crafted packets without user authentication

CVE-2024-42059 (CVSS score: 7.2) – A command injection vulnerability that allows an authenticated attacker with admin privileges to execute OS commands by uploading a crafted compressed language file via FTP

CVE-2024-42060 (CVSS score: 7.2) – A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some OS commands

CVE-2024-42061 (CVSS score: 6.1) – A vulnerability that allows an attacker to manipulate a user into visiting a malicious URL and obtaining browser-based information.

Check Also

20

CISA Releases Advisories For 20 Industrial Control Systems (ICS)

On February 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued 20 advisories about …

Leave a Reply

Your email address will not be published. Required fields are marked *