Hackers are exploiting critical bug in Zyxel firewalls and VPNs
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses.
It is unclear whether these efforts are malicious or just researchers working to map Zyxel devices currently exposed to adversary attacks.
Using the Shodan search platform for internet-connected hardware, Rapid7 scanned the internet for vulnerable Zyxel products and found more than 15,000.
Shadowserver ran their own scan and found at least 20,800 Zyxel firewall models on the open web that are potentially affected by the vulnerability.
Given the severity of the vulnerability and the popularity of the devices, security researchers have released code that should help administrators detect the security flaw and exploitation attempts.
Another researcher, BlueNinja, also created a script to detect the unauthenticated remote command injection in Zyxel firewall and VPN products and published it on GitHub.
Related news
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-12 | CVE-2022-30525 | OS Command Injection vulnerability in Zyxel products: An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | 9.8 |
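
For administrators triaging their own fleet, the affected firmware ranges in the table row above can be turned into an inventory check. This is an added example, not one of the researchers' detection scripts mentioned in the article; it assumes the inventory labels devices with the same family names the CVE entry uses and writes versions in the "5.21 Patch 1" notation.

```python
import re

# Affected ranges as listed in the CVE-2022-30525 table row on this page.
# The dictionary keys are an assumption: the inventory must use these labels.
LAST = "5.21 Patch 1"
AFFECTED = {
    "USG FLEX 100(W)": ("5.00", LAST),
    "USG FLEX 200": ("5.00", LAST),
    "USG FLEX 500": ("5.00", LAST),
    "USG FLEX 700": ("5.00", LAST),
    "USG FLEX 50(W)": ("5.10", LAST),
    "USG20(W)-VPN": ("5.10", LAST),
    "ATP series": ("5.10", LAST),
    "VPN series": ("4.60", LAST),
}
VERSION_RE = re.compile(r"^\s*V?(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """'5.21 Patch 1' -> (5, 21, 1). A missing patch suffix is patch level 0."""
    match = VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)

def is_affected(family, version):
    """True/False for a listed family, None when the family is not in the table."""
    if family not in AFFECTED:
        return None
    first, last = (parse_version(v) for v in AFFECTED[family])
    return first <= parse_version(version) <= last

def triage(inventory):
    """Sort (host, family, version) rows into affected / not_affected / review."""
    result = {"affected": [], "not_affected": [], "review": []}
    for host, family, version in inventory:
        try:
            verdict = is_affected(family, version)
        except ValueError:
            verdict = None  # unparseable version string: a human has to look
        key = "review" if verdict is None else ("affected" if verdict else "not_affected")
        result[key].append(host)
    return result

# Constructed inventory rows (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("fw-hq", "USG FLEX 200", "5.21 Patch 1"),
    ("fw-branch", "USG FLEX 50(W)", "5.00"),
    ("vpn-dc", "VPN series", "V4.60"),
    ("fw-lab", "ATP series", "5.32"),
    ("fw-old", "ATP series", "unknown"),
]
```

A `not_affected` verdict only means the version falls outside the ranges listed in the CVE entry above; it says nothing about other vulnerabilities or about whether the device was reachable from the internet.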