Security News > 2020 > February > Zyxel Fixes 0day in Network Storage Devices

Zyxel Fixes 0day in Network Storage Devices
2020-02-24 17:13

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage devices that can be used to remotely commandeer them.

Holden said the seller of the exploit code - a ne'er-do-well who goes by the nickname "500mhz" -is known for being reliable and thorough in his sales of 0day exploits.

Earlier today, Zyxel sent a message saying it had published a security advisory and patch for the zero-day exploit in some of its affected products.

The advisory includes additional mitigation instructions, including a proof-of-concept exploit that has the ability to power down affected Zyxel devices.

"To me, a 0day exploit in Zyxel is not as scary as who bought it," he said.


News URL

https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200