Zyxel Fixes 0day in Network Storage Devices

2020-02-24 17:13

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage devices that can be used to remotely commandeer them.

Holden said the seller of the exploit code - a ne'er-do-well who goes by the nickname "500mhz" -is known for being reliable and thorough in his sales of 0day exploits.

Earlier today, Zyxel sent a message saying it had published a security advisory and patch for the zero-day exploit in some of its affected products.

The advisory includes additional mitigation instructions, including a proof-of-concept exploit that has the ability to power down affected Zyxel devices.

"To me, a 0day exploit in Zyxel is not as scary as who bought it," he said.

News URL

https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/

#zyxel #0day

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Zyxel		382	0	82	95	51	228