Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now
Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware.
If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
"Simply visiting a website can result in the compromise of any Zyxel device that is reachable from the client system."
"For these reasons, any attacker that has control of DNS or IP routing may be able to cause a malicious firmware to be installed on a Zyxel device."
If you can't patch your Zyxel device, bin it - especially if it's facing the internet.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/26/zyxel_networking_flaw/