CVE-2024-8234

Name of the Vulnerable Software and Affected Versions: Zyxel NWA1100-N version 1.00(AACE.1)C0

Description: A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device. This issue affects the Zyxel NWA1100-N firmware, potentially exposing devices to the risk of full system compromise.

Recommendations: For Zyxel NWA1100-N version 1.00(AACE.1)C0, upgrade to a supported version as soon as possible or apply security mitigations to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the vulnerable functions formSysCmd(), formUpgradeCert(), and formDelcert() until a patch is available.