Over 20 Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability (Security News, February 2020)
A recently disclosed zero-day vulnerability in Zyxel network-attached storage devices also impacts over twenty of the vendor's firewalls.
Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported.
On Wednesday, the networking devices vendor updated the advisory to add a total of 23 UTM, ATP, and VPN firewalls to the list of vulnerable products.
Zyxel has released patches for all supported devices, which include the aforementioned firewall devices, as well as the NAS326, NAS520, NAS540, and NAS542 storage devices.
"Command injection within a login page is about as bad as it gets and the lack of any cross-site request forgery token makes this vulnerability particularly dangerous. As demonstrated by CERT, JavaScript running in the browser is enough to identify and exploit vulnerable devices on the network," Craig Young, computer security researcher for Tripwire, told SecurityWeek in an emailed comment.