Zyxel Vulnerability Audit – CVE-2024-7261

Discover Vulnerable Zyxel Products in Your IT Estate

Zyxel Networks has released patches for a number of its access points and security routers in response to a critical OS command injection vulnerability impacting several versions. The vulnerability tracked as CVE-2024-7261 received a critical CVSS v3 score of 9.8 and could allow an unauthorized attacker to execute OS system commands.

The report below will help you locate any Zyxel products that may be at risk and need to be updated. You can read more about this vulnerability in the Zyxel Vulnerability blog post.

Run The Zyxel Vulnerability Audit Report

Zyxel Vulnerability Audit On-Prem Query

Select Top 1000000 tblAssets.AssetID,
tsysAssetTypes.AssetTypeIcon10 As Icon,
tblAssets.AssetName,
tblAssets.IPAddress,
tblAssets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysIPLocations.IPLocation,
Case
When (tblAssetCustom.Model Like '%NWA50AX%' 
and tblAssetCustom.Model not Like '%PRO%') Then '7.00(ABYW.2)'
When (tblAssetCustom.Model Like '%NWA50AX%' 
and tblAssetCustom.Model  Like '%PRO%') Then '7.00(ACGE.2)'
When tblAssetCustom.Model Like '%NWA55AXE%' Then '7.00(ABZL.2)'
When (tblAssetCustom.Model Like '%NWA90AX%' 
and tblAssetCustom.Model not Like '%PRO%') Then '7.00(ACCV.2)'
When (tblAssetCustom.Model Like '%NWA90AX%' 
and tblAssetCustom.Model  Like '%PRO%') Then '	7.00(ACGF.2)'
When tblAssetCustom.Model Like '%NWA110AX%' Then '7.00(ABTG.2)'
When tblAssetCustom.Model Like '%NWA130BE%' Then '7.00(ACIL.2)'
When tblAssetCustom.Model Like '%NWA210AX%' Then '7.00(ABTD.2)'
When tblAssetCustom.Model Like '%NWA220AX-6E%' Then '7.00(ACCO.2)'
When tblAssetCustom.Model Like '%NWA1123-AC%PRO%' Then '6.28(ABHD.3)'
When tblAssetCustom.Model Like '%NWA1123ACv3%' Then '6.70(ABVT.5)'
When (tblAssetCustom.Model Like '%WAC500%'
and tblAssetCustom.Model not Like '%H%') Then '6.70(ABVS.5)'
When tblAssetCustom.Model Like '%WAC500H%' Then '6.70(ABWA.5)'
When tblAssetCustom.Model Like '%WAC6103D-I%' Then '6.28(AAXH.3)'
When tblAssetCustom.Model Like '%WAC6502D-S%' Then '6.28(AASE.3)'
When tblAssetCustom.Model Like '%WAC6503D-S%' Then '6.28(AASF.3)'
When tblAssetCustom.Model Like '%WAC6552D-S%' Then '6.28(ABIO.3)'
When tblAssetCustom.Model Like '%WAC6553D-E%' Then '6.28(AASG.3)'
When tblAssetCustom.Model Like '%WAX300H%' Then '7.00(ACHF.2)'
When tblAssetCustom.Model Like '%WAX510D%' Then '7.00(ABTF.2)'
When tblAssetCustom.Model Like '%WAX610D%' Then '7.00(ABTE.2)'
When tblAssetCustom.Model Like '%WAX620D-6E%' Then '7.00(ACCN.2)'
When tblAssetCustom.Model Like '%WAX630S%' Then '7.00(ABZD.2)'
When tblAssetCustom.Model Like '%WAX640S-6E%' Then '7.00(ABZL.2)'
When tblAssetCustom.Model Like '%WAX650S%' Then '7.00(ABRM.2)'
When tblAssetCustom.Model Like '%WAX655E%' Then '7.00(ACDO.2)'
When tblAssetCustom.Model Like '%WBE530%' Then '7.00(ACLE.2)'
When tblAssetCustom.Model Like '%WBE660S%' Then '7.00(ACGG.2)'
When tblAssetCustom.Model Like '%USG%LITE%60AX%' Then '7.00(ABZL.2)'
End As FixedVersion,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Firstseen,
tblAssets.Lastseen
From tblAssets
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Left Outer Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Outer Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblState.Statename = 'Active' and tblAssetCustom.Manufacturer LIKE '%Zyxel%'and 
(tblAssetCustom.Model Like '%NWA50AX%' or
tblAssetCustom.Model Like '%NWA55AXE%' or
tblAssetCustom.Model Like '%NWA90AX%' or
tblAssetCustom.Model Like '%NWA110AX%' or
tblAssetCustom.Model Like '%NWA130BE%' or
tblAssetCustom.Model Like '%NWA210AX%' or 
tblAssetCustom.Model Like '%NWA220AX-6E%' or
tblAssetCustom.Model Like '%NWA1123-AC%PRO%' or
tblAssetCustom.Model Like '%NWA1123ACv3%' or
tblAssetCustom.Model Like '%WAC500%'or
tblAssetCustom.Model Like '%WAC6103D-I%' or
tblAssetCustom.Model Like '%WAC6502D-S%'or
tblAssetCustom.Model Like '%WAC6503D-S%' or
tblAssetCustom.Model Like '%WAC6552D-S%' or
tblAssetCustom.Model Like '%WAC6553D-E%' or
tblAssetCustom.Model Like '%WAX300H%' or
tblAssetCustom.Model Like '%WAX510D%' or
tblAssetCustom.Model Like '%WAX610D%' or
tblAssetCustom.Model Like '%WAX620D-6E%' or
tblAssetCustom.Model Like '%WAX630S%' or
tblAssetCustom.Model Like '%WAX640S-6E%' or
tblAssetCustom.Model Like '%WAX650S%' or
tblAssetCustom.Model Like '%WAX655E%' or
tblAssetCustom.Model Like '%WBE530%' or
tblAssetCustom.Model Like '%WBE660S%' or
tblAssetCustom.Model Like '%USG%LITE%60AX%' ) ;

Show

Hide