Over 20 Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability
Security News, February 2020

A recently disclosed zero-day vulnerability in Zyxel network-attached storage devices also impacts over twenty of the vendor's firewalls.
Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported.
On Wednesday, the networking devices vendor updated the advisory to add a total of 23 UTM, ATP, and VPN firewalls to the list of vulnerable products.
Zyxel has released patches for all supported devices, which include the aforementioned firewall devices, as well as the NAS326, NAS520, NAS540, and NAS542 storage devices.
"Command injection within a login page is about as bad as it gets and the lack of any cross-site request forgery token makes this vulnerability particularly dangerous. As demonstrated by CERT, JavaScript running in the browser is enough to identify and exploit vulnerable devices on the network," Craig Young, computer security researcher for Tripwire, told SecurityWeek in an emailed comment.