CVE-2024-7261
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary
An improper neutralization of special elements vulnerability has been identified in the "host" parameter of the CGI program in several Zyxel devices. This vulnerability affects multiple firmware versions across different Zyxel products: - NWA1123ACv3: firmware version 6.70(ABVT.4) and earlier - WAC500: firmware version 6.70(ABVS.4) and earlier - WAX655E: firmware version 7.00(ACDO.1) and earlier - WBE530: firmware version 7.00(ACLE.1) and earlier - USG LITE 60AX: firmware version V2.00(ACIP.2) The vulnerability allows an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.
Impact
This vulnerability has a critical impact potential. If exploited, an attacker could: 1. Execute arbitrary OS commands on the affected devices, potentially leading to complete system compromise. 2. Gain unauthorized access to sensitive information stored on or passing through the device. 3. Modify system configurations or data, potentially disrupting network operations. 4. Use the compromised device as a pivot point to launch further attacks on the internal network. 5. Cause service disruptions or device malfunctions by executing malicious commands. The severity is underscored by the CVSS v3.1 base score of 9.8 (Critical), with high impacts on confidentiality, integrity, and availability. The attack vector is network-based, requires no user interaction, and can be executed without authentication, making it particularly dangerous.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
As of the provided information, there is no mention of a specific patch being available. However, given the critical nature of the vulnerability, it is highly recommended to check for and apply any security updates or patches that Zyxel may release for the affected devices and firmware versions.
Mitigation
While awaiting a patch, consider the following mitigation strategies: 1. Isolate affected devices from untrusted networks, especially the internet, using firewalls or network segmentation. 2. Implement strict access controls to limit who can reach these devices on the network. 3. Monitor logs and network traffic for suspicious activities, particularly focusing on unusual requests to the CGI program. 4. If possible, disable or restrict access to the vulnerable CGI program until a patch is available. 5. Regularly check Zyxel's security advisories for updates on this vulnerability and potential patches. 6. Consider upgrading to newer firmware versions if they become available and are confirmed to address this vulnerability. 7. Implement network intrusion detection/prevention systems (IDS/IPS) to detect and block potential exploitation attempts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
Feedly found the first article mentioning CVE-2024-7261. See article
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-7261
A CVSS base score of 9.8 has been assigned.
EPSS Score was set to: 0.09% (Percentile: 39.1%)
This CVE started to trend in security discussions
The vulnerability CVE-2024-7261 is rated extremely critical with a CVSS score of 9.8, indicating its severity. It is currently being exploited in the wild by threat actors, with proof-of-concept exploits available. Mitigations, detections, and patches are not yet available, posing downstream impacts to other third party vendors and technology. See article
This CVE stopped trending in security discussions