Security News > 2022 > May > Zyxel silently fixes critical RCE vulnerability in firewall products

Zyxel silently fixes critical RCE vulnerability in firewall products
2022-05-12 18:13

Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago.

More specifically, security researchers at Rapid7 found the flaw, which is now tracked as CVE-2022-30525, and disclosed it to Zyxel on April 13, 2022.

The flaw is an unauthenticated remote command injection via the HTTP interface, affecting Zyxel firewalls supporting Zero Touch Provisioning.

"The vulnerable functionality is invoked in association with the setWanPortSt command. An attacker can inject arbitrary commands into the mtu or the data parameter."

Zyxel confirmed the report and the validity of the flaw and promised to release the fixing security updates in June 2022, yet they released a patch on April 28, 2022, without supplying a security advisory, technical details, or mitigation guidance to its customers.

As the technical details of the vulnerability have been released and it is now supported by Metasploit, all admins should update their devices immediately before threat actors begin to actively exploit the flaw.


News URL

https://www.bleepingcomputer.com/news/security/zyxel-silently-fixes-critical-rce-vulnerability-in-firewall-products/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-30525 OS Command Injection vulnerability in Zyxel products
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
network
low complexity
zyxel CWE-78
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200