InfoSecBulletin Cybersecurity for mankind
Zyxel issued hotfixes for a severe command injection vulnerability traced as CVE-2024-6342, affecting its NAS326 and NAS542 network-attached storage (NAS) devices.
The flaw reported by security researchers Nanyu Zhong and Jinwei Dong from VARAS@IIE, poses significant risks for it allows bad actor to execute arbitrary operating system commands.
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
xAI Dev Leaks API Key for Private SpaceX, Tesla & Tweeter
Its concerning because of its widespread use of Zyxel NAS devices in small to medium-sized businesses (SMBs) for data storage and backup functions.
Zyxel has released hotfixes for its NAS even though they are no longer in the support phase, highlighting the seriousness of security vulnerability. This action shows Zyxel’s commitment to customer safety and the importance of continued security awareness for all devices regardless of their support status.
Zyxel recommends that users apply available hotfixes right away, despite no current active exploitation of the vulnerability. Recent incidents, like CVE:2024-29973 show that NAS devices are appealing targets for cybercriminals, highlighting the importance of quick action to prevent breeches.
Zyxel’s response highlights the importance of security updates for users of older technology. To protect sensitive data, it is essential to promptly apply security patches. Users of Zyxel NAA326 and NAS542 devices should quickly implement the hotfixes to defend against potential attacks.
