Security News > 2022 > March > Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices
2022-03-31 23:02

Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices.

"An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory published this week.

USG FLEX running firmware versions ZLD V4.50 through ZLD V5.20.

VPN running firmware versions ZLD V4.30 through ZLD V5.20.

The disclosure comes as both Sophos and SonicWall released patches this week to their firewall appliances to resolve critical flaws that could allow a remote attacker to execute arbitrary code on affected systems.

The critical Sophos firewall vulnerability, which has been observed exploited in active attacks against select organizations in South Asia, has since been added by the U.S. Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities Catalog.


News URL

https://thehackernews.com/2022/03/zyxel-releases-patches-for-critical-bug.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 459 3 115 71 44 233