Security News > 2023 > April > Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now
Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems.
"Improper error message handling in some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device," Zyxel said in an advisory on April 25, 2023.
ZyWALL/USG. Zyxel has also addressed a high-severity post-authentication command injection vulnerability affecting select firewall versions that could permit an authenticated attacker to execute some OS commands remotely.
Lastly, the company also shipped fixes for five high-severity flaws affecting several firewalls and access point devices that could result in code execution and cause a denial-of-service condition.
The most severe of the flaws is CVE-2022-43389, a buffer overflow vulnerability impacting 5G NR/4G LTE CPE devices.
"It did not require authentication to be exploited and led to arbitrary code execution on the device," Abramov explained at the time.
News URL
https://thehackernews.com/2023/04/zyxel-firewall-devices-vulnerable-to.html
Related news
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-11 | CVE-2022-43389 | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | 9.8 |