Zyxel has released a patch addressing an OS command injection vulnerability in the NWA1100-NH access point. Users are advised to install it for optimal protection.
What is the vulnerability?
An OS command-injection vulnerability in the NWA1100-NH access point could allow an attacker to execute arbitrary OS commands via the web interface of the vulnerable device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified only one vulnerable product and released a firmware patch to address the issue, as shown in the table below.
Got a question or a tipoff?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
If you want to be informed of any other new security vulnerability, please check and follow this KB:
You can click the "Follow" button on the top of this article to get this article's updates.
Thanks to Ahmed Alroky for reporting the issue to us.
2022-03-01: Initial release