Tuesday , July 1 2025
zyxel

Zyxel Releases Patches for Firmware Vulnerabilities

infosecbulletin Wednesday , June 5 2024 Vulnerabilities

Zyxel has released patches addressing command injection and remote code execution vulnerabilities in two NAS products that have reached end-of-vulnerability-support. Users are advised to install them for optimal protection.

Three out of five vulnerabilities could allow an unauthorized attacker to run operating system commands and arbitrary code on affected installations.

CYDES 2025
Malaysia placed cybersecurity heart of the regional agenda: DPM Ahmad Zahid

By F2 / Tuesday , July 1 2025
Malaysia's Deputy Prime Minister Datuk Seri Dr. Ahmad Zahid Hamidi said that Malaysia has placed cybersecurity at the heart of...
Read More
CYDES 2025 Malaysia placed cybersecurity heart of the regional agenda: DPM Ahmad Zahid

Amid Meta moves; OpenAI is largely shutting down next week: Wired

By F2 / Tuesday , July 1 2025
Mark Chen, the chief research officer at OpenAI, sent a forceful memo to staff on Saturday, promising to go head-to-head...
Read More
Amid Meta moves; OpenAI is largely shutting down next week: Wired

Canada orders Hikvision to close operations over national security

By F2 / Tuesday , July 1 2025
The Canadian government ordered Hikvision to stop all operations in the country due to national security concerns. Hikvision, based in...
Read More
Canada orders Hikvision to close operations over national security

First couple “Rosie” to conceive using AI tech “STAR” successfully

By infosecbulletin / Sunday , June 29 2025
Doctors at Columbia University Fertility Center have reported what they are calling the first pregnancy using a new AI system,...
Read More
First couple “Rosie” to conceive using AI tech “STAR” successfully

Scattered Spider Actively Attacking Aviation and Transportation: FBI

By infosecbulletin / Saturday , June 28 2025
Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a...
Read More
Scattered Spider Actively Attacking Aviation and Transportation: FBI

Russia’s restrictions on Cloudflare making websites inaccessible

By F2 / Saturday , June 28 2025
Since June 9, 2025, Russian users connecting to Cloudflare services have faced throttling by ISPs. As the throttling is being...
Read More
Russia’s restrictions on Cloudflare making websites inaccessible

61 million Verizon records allegedly posted online for sale

By infosecbulletin / Saturday , June 28 2025
A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly...
Read More
61 million Verizon records allegedly posted online for sale

Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

By infosecbulletin / Friday , June 27 2025
A 30-year-old robotics engineer from Chennai set off alarm bells in 11 states by allegedly sending hoax bomb threats. She...
Read More
Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access

By infosecbulletin / Friday , June 27 2025
Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector...
Read More
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access

CISA Warns of FortiOS Hard-Coded Credentials Vulns

By F2 / Thursday , June 26 2025
CISA warns about a serious vulnerability in Fortinet FortiOS that threatens network security. CISA included CVE-2019-6693 in its Known Exploited...
Read More
CISA Warns of FortiOS Hard-Coded Credentials Vulns

CVE-2024-29972

This command injection vulnerability in the CGI program “remote_help-cgi” in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

CVE-2024-29973

This command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request.

CVE-2024-29974

This remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.

CVE-2024-29975

This improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 and NAS542 devices could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.

CVE-2024-29976

This improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 and NAS542 devices could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.

Outpost24 security researcher Timothy Hjort credited and reported five flaws.

Check Also

Citrix

Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543

Citrix has issued security updates for a critical vulnerability in NetScaler ADC that has been …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin