A recent vulnerability has been discovered in the Zyxel NWA50AX Pro, a WiFi 6 access point for small businesses, exposing it to an n-day flaw that allows arbitrary file deletion via a misconfigured CGI endpoint.
This issue, tracked as CVE-2024-29974, highlights the risks of shared codebases and incomplete patching in embedded devices.
https://gbhackers.com/zyxel-nwa50ax-pro ... -day-flaw/