Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now
Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware.
A miscreant doesn't need a direct connection to a vulnerable Zyxel device: "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
"Simply visiting a website can result in the compromise of any Zyxel device that is reachable from the client system."
"For these reasons, any attacker that has control of DNS or IP routing may be able to cause a malicious firmware to be installed on a Zyxel device."
If you can't patch your Zyxel device, bin it - especially if it's facing the internet.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/26/zyxel_networking_flaw/