Emergency patches released for EOL Zyxel NAS boxes
Briefly

All three of the critical flaws received CVSSv3 severity scores of 9.8 - nearly as bad as they come.
CVE-2024-29972 relates to a backdoor account in the Zyxel firmware called 'NsaRescueAngel' - a remote support account with root privileges that was supposedly removed in 2020, but appears to be alive...
CVE-2024-29973 is a Python code injection flaw that was introduced, Hjort says, after Zyxel patched a critical vuln from last year...
Read at The Register