Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now
Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware.
If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
"Simply visiting a website can result in the compromise of any Zyxel device that is reachable from the client system."
"For these reasons, any attacker that has control of DNS or IP routing may be able to cause a malicious firmware to be installed on a Zyxel device."
If you can't patch your Zyxel device, bin it - especially if it's facing the internet.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/26/zyxel_networking_flaw/