Security News > 2020 > February > Over 20 Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability
A recently disclosed zero-day vulnerability in Zyxel network-attached storage devices also impacts over twenty of the vendor's firewalls.
Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported.
On Wednesday, the networking devices vendor updated the advisory to add a total of 23 UTM, ATP, and VPN firewalls to the list of vulnerable products.
Zyxel has released patches for all supported devices, which include the aforementioned firewall devices, as well as the NAS326, NAS520, NAS540, and NAS542 storage devices.
"Command injection within a login page is about as bad as it gets and the lack of any cross-site request forgery token makes this vulnerability particularly dangerous. As demonstrated by CERT, JavaScript running in the browser is enough to identify and exploit vulnerable devices on the network," Craig Young, computer security researcher for Tripwire, told SecurityWeek in an emailed comment.
News URL
Related news
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability (source)
- TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability (source)
- Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers (source)