CVE-2024-7261

{"id": "CVE-2024-7261", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-09-03T03:15:03.940", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024", "tags": ["Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The improper neutralization of special elements in the parameter \"host\" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) \n\nand earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) \n\nand earlier, and\u00a0USG LITE 60AX firmware version\u00a0V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device."}, {"lang": "es", "value": "La neutralizaci\u00f3n incorrecta de elementos especiales en el par\u00e1metro \"host\" en el programa CGI de la versi\u00f3n de firmware 6.70(ABVT.4) y anteriores de Zyxel NWA1123ACv3, la versi\u00f3n de firmware 6.70(ABVS.4) y anteriores de WAC500, la versi\u00f3n de firmware 7.00(ACDO.1) y anteriores de WAX655E, la versi\u00f3n de firmware 7.00(ACLE.1) y anteriores de WBE530, y la versi\u00f3n de firmware V2.00(ACIP.2) de USG LITE 60AX podr\u00eda permitir que un atacante no autenticado ejecute comandos del sistema operativo enviando una cookie manipulada a un dispositivo vulnerable."}], "lastModified": "2024-09-13T19:39:40.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4516EB83-8B99-40BD-94E5-CBD5057107B8", "versionEndExcluding": "7.00\\(abtg.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123-ac_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9875CD66-9249-4702-88E5-B1239FA4AD29", "versionEndExcluding": "6.28\\(abhd.3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123-ac_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "145723DB-C34B-4C2A-B3C2-7A5CFEF503CA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C88D274-D770-46F9-A802-93B1C72C3802", "versionEndExcluding": "6.70\\(abvt.5\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa130be_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D1105DC-E628-45C7-BB10-6EFB8038FC46", "versionEndExcluding": "7.00\\(acil.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa130be:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "782F9AB7-3464-4BFE-B502-B62CD51A8865"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4F03710-B004-4AA1-BBE3-FD6AD2ABF681", "versionEndExcluding": "7.00\\(abtd.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD8274A-8135-4C3F-9998-4F13170DC5BD", "versionEndExcluding": "7.00\\(acco.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "439ED873-6DBF-4B67-B7B6-B285D885093C", "versionEndExcluding": "7.00\\(abyw.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76456787-1EB9-4585-A2D3-CAD77786B3EF", "versionEndExcluding": "7.00\\(acge.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F36E7DCD-08BA-4FA1-9A8E-ADE956704132"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "319234D0-CBED-43AD-B21C-E3893786FA00", "versionEndExcluding": "7.00\\(abzl.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BA77A46-A9BF-46A7-BCC3-0851FD2EDB4B", "versionEndExcluding": "7.00\\(accv.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C991363D-0CD5-4242-9B6D-903B6C71F3F3", "versionEndExcluding": "7.00\\(acgf.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "480A495A-A4C4-4696-B500-B6333C79A28B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_lite_60ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC39E0F3-D1D4-41BE-ABF1-F01A7AC1F959", "versionEndExcluding": "v2.00\\(acip.3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_lite_60ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC710993-3E55-4C88-A261-0A67F5069071"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E3E89C7-C3DA-4B4E-A8F1-EF854EB61C0C", "versionEndExcluding": "6.70\\(abvs.5\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84A27C2E-140D-4554-8AD1-D9EBB76CF9D5", "versionEndExcluding": "6.70\\(abwa.5\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6103d-i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0867C187-0BF0-4F4E-B291-3858810724D6", "versionEndExcluding": "6.28\\(aaxh.3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6103d-i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "341DB051-7F01-4B36-BA15-EBC25FACB439"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6502d-s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DBA0866-22E5-4CE6-886C-CE21E6A4E6B0", "versionEndExcluding": "6.28\\(aase.3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6502d-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD108388-ABE5-4142-910F-C3C8B1C13617"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6503d-s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45449005-459C-4062-97FB-31B7CB249E21", "versionEndExcluding": "6.28\\(aasf.3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6503d-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4DFDF64A-17F5-4F05-8700-DCA36CCB6F2B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6552d-s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C083097-E839-49ED-B4A8-8AEF5C502E47", "versionEndExcluding": "6.28\\(abio.3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6552d-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD47738A-9001-4CC1-8FED-1D1CFC56F548"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac6553d-e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04666D56-1996-461E-B8AB-C5BCA6399EE8", "versionEndExcluding": "6.28\\(aasg.3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac6553d-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "55273BCE-4F2C-4ED9-9FCB-D1197555BD53"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBEEF0EC-A325-4D02-B69E-AE24A4669C57", "versionEndExcluding": "7.00\\(achf.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C3073565-BCDF-46EA-8FB0-E9BF402A5122"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6295B167-56B0-4F68-8163-0ECCA7ED5E0C", "versionEndExcluding": "7.00\\(abtf.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "924067FC-8230-440A-B596-05F3A39C3456", "versionEndExcluding": "7.00\\(abte.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24A073C2-4124-49F1-BCBF-1508A310DCA0", "versionEndExcluding": "7.00\\(accn.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC244157-2D23-4DC2-A809-869948AC2096", "versionEndExcluding": "7.00\\(abzd.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10075392-47BE-4B55-BEEF-6D259C6AFDF5", "versionEndExcluding": "7.00\\(accm.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "794E19F4-ED5D-403C-BFA7-7D089FACC45F", "versionEndExcluding": "7.00\\(abrm.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E1F72E5-0336-4565-802F-75A746DD4AA9", "versionEndExcluding": "7.00\\(acdo.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe530_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C302D991-2BAB-4C64-B0E0-EAEE19F79765", "versionEndExcluding": "7.00\\(acle.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe530:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3061579E-C708-42BC-86FC-B6223B941335"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52534374-242E-457F-A794-8A1AEFECA38F", "versionEndExcluding": "7.00\\(acgg.2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}