Zyxel issued hotfixes for a severe command injection vulnerability traced as CVE-2024-6342, affecting its NAS326 and NAS542 network-attached storage (NAS) devices.
The flaw reported by security researchers Nanyu Zhong and Jinwei Dong from VARAS@IIE, poses significant risks for it allows bad actor to execute arbitrary operating system commands.
By infosecbulletin
/ Wednesday , September 18 2024
The FBI has alerted that cyber actors have compromised over 260,000 internet-connected devices, mainly routers, to form a large botnet...
Read More
By infosecbulletin
/ Wednesday , September 18 2024
Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be available gradually over the next...
Read More
By infosecbulletin
/ Wednesday , September 18 2024
Broadcom has fixed a serious VMware vCenter Server vulnerability that allows attackers to execute remote code on unpatched servers through...
Read More
By infosecbulletin
/ Wednesday , September 18 2024
Ransomware groups like BianLian and Rhysida use Microsoft's Azure Storage Explorer and AzCopy to steal data from hacked networks and...
Read More
By infosecbulletin
/ Tuesday , September 17 2024
Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on...
Read More
By infosecbulletin
/ Tuesday , September 17 2024
CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws,...
Read More
By infosecbulletin
/ Tuesday , September 17 2024
Cybersecurity researcher Jeremiah Fowler found a non-password-protected database with 780,000 records from FleetPanda, a tech provider for dispatch management. The...
Read More
By infosecbulletin
/ Tuesday , September 17 2024
A recent dark web scan revealed that customer data from Dhaka Electric Supply Company Limited (DESCO) has been exposed. The...
Read More
By infosecbulletin
/ Monday , September 16 2024
Tenable Research found and fixed a remote code execution (RCE) vulnerability, called CloudImposer, in Google Cloud Platform (GCP). This flaw...
Read More
By infosecbulletin
/ Sunday , September 15 2024
In this article, we won’t dive too deep into the technical aspects of Capture The Flag (CTF) competitions. Instead, we...
Read More
Its concerning because of its widespread use of Zyxel NAS devices in small to medium-sized businesses (SMBs) for data storage and backup functions.
Zyxel has released hotfixes for its NAS even though they are no longer in the support phase, highlighting the seriousness of security vulnerability. This action shows Zyxel’s commitment to customer safety and the importance of continued security awareness for all devices regardless of their support status.
Zyxel recommends that users apply available hotfixes right away, despite no current active exploitation of the vulnerability. Recent incidents, like CVE:2024-29973 show that NAS devices are appealing targets for cybercriminals, highlighting the importance of quick action to prevent breeches.
Zyxel’s response highlights the importance of security updates for users of older technology. To protect sensitive data, it is essential to promptly apply security patches. Users of Zyxel NAA326 and NAS542 devices should quickly implement the hotfixes to defend against potential attacks.