Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices
Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices.
"An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory published this week.
- USG FLEX running firmware versions ZLD V4.50 through ZLD V5.20.
- VPN running firmware versions ZLD V4.30 through ZLD V5.20.
The disclosure comes as both Sophos and SonicWall released patches this week for their firewall appliances to resolve critical flaws that could allow a remote attacker to execute arbitrary code on affected systems.
The critical Sophos firewall vulnerability, which has been observed exploited in active attacks against select organizations in South Asia, has since been added by the U.S. Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities Catalog.
News URL
https://thehackernews.com/2022/03/zyxel-releases-patches-for-critical-bug.html