Zyxel patches critical bug affecting firewall and VPN devices (Security News, March 2022)
Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices.
"An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device" - Zyxel.
The affected products and firmware versions listed in the advisory are:
- USG FLEX series firmware versions 4.50 through 5.20
- ATP series firmware versions 4.32 through 5.20
- VPN series firmware versions 4.30 through 5.20
Zyxel is advising its customers to install the firmware updates "for optimal protection." At the time of writing there are no public reports of CVE-2022-0342 being exploited in attacks.
Related Vulnerability

| Date | CVE | Vulnerability title and description | Risk |
|---|---|---|---|
| 2022-03-28 | CVE-2022-0342 | Improper Authentication vulnerability in Zyxel products. An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. | 9.8 |