Security News > 2020 > February > Over 20 Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability

Over 20 Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability
2020-02-27 04:49

A recently disclosed zero-day vulnerability in Zyxel network-attached storage devices also impacts over twenty of the vendor's firewalls.

Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported.

On Wednesday, the networking devices vendor updated the advisory to add a total of 23 UTM, ATP, and VPN firewalls to the list of vulnerable products.

Zyxel has released patches for all supported devices, which include the aforementioned firewall devices, as well as the NAS326, NAS520, NAS540, and NAS542 storage devices.

"Command injection within a login page is about as bad as it gets and the lack of any cross-site request forgery token makes this vulnerability particularly dangerous. As demonstrated by CERT, JavaScript running in the browser is enough to identify and exploit vulnerable devices on the network," Craig Young, computer security researcher for Tripwire, told SecurityWeek in an emailed comment.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Gc0jTrEuJ_4/over-20-zyxel-firewalls-impacted-recent-zero-day-vulnerability

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200