Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now

Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware.
A miscreant who can't directly connect to a vulnerable Zyxel device still has options: "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
"Simply visiting a website can result in the compromise of any Zyxel device that is reachable from the client system."
"For these reasons, any attacker that has control of DNS or IP routing may be able to cause a malicious firmware to be installed on a Zyxel device."
If you can't patch your Zyxel device, bin it - especially if it's facing the internet.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/26/zyxel_networking_flaw/