Hackers are exploiting critical bug in Zyxel firewalls and VPNs (Security News, May 2022)

Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses.
It is unclear whether these efforts are malicious or just researchers working to map the Zyxel devices currently exposed to adversary attacks.
Using the Shodan search platform for hardware connected to the internet, Rapid7 scanned for vulnerable Zyxel products and found more than 15,000.
Shadowserver ran their own scan and found at least 20,800 Zyxel firewall models on the open web that are potentially affected by the vulnerability.
Given the severity of the vulnerability and the popularity of the devices, security researchers have released code that should help administrators detect the security flaw and exploitation attempts.
Another researcher, BlueNinja, also created a script to detect the unauthenticated remote command injection in Zyxel firewall and VPN products and published it on GitHub.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-12 | CVE-2022-30525 | OS Command Injection vulnerability in Zyxel products | 9.8 |

An OS command injection vulnerability in the CGI program of the following Zyxel firmware versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device:
- USG FLEX 100(W): firmware versions 5.00 through 5.21 Patch 1
- USG FLEX 200: firmware versions 5.00 through 5.21 Patch 1
- USG FLEX 500: firmware versions 5.00 through 5.21 Patch 1
- USG FLEX 700: firmware versions 5.00 through 5.21 Patch 1
- USG FLEX 50(W): firmware versions 5.10 through 5.21 Patch 1
- USG20(W)-VPN: firmware versions 5.10 through 5.21 Patch 1
- ATP series: firmware versions 5.10 through 5.21 Patch 1
- VPN series: firmware versions 4.60 through 5.21 Patch 1