Security News > 2022 > May > Hackers are exploiting critical bug in Zyxel firewalls and VPNs
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses.
It is unclear if these efforts are malicious or just researchers working to map up Zyxel devices currently exposed to adversary attacks.
Rapid7 scanned the internet for vulnerable Zyxel products and found more than 15,000 using the Shodan search platform for hardware connected to the internet.
Shadowserver ran their own scan and found at least 20,800 Zyxel firewall models on the open web that are potentially affected by the vulnerability.
Given the severity of the vulnerability and the popularity of the devices, security researchers have released code that should help administrators detect the security flaw and exploitation attempts.
Another researcher, BlueNinja, also created a script to detect the unauthenticated remote command injection in Zyxel firewall and VPN products and published it on GitHub.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-12 | CVE-2022-30525 | OS Command Injection vulnerability in Zyxel products A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | 9.8 |