Security News

Zyxel has patched six vulnerabilities affecting its network attached storage devices, including several command injection flaws that can be easily exploited by unauthenticated attackers. One of the six plugged security holes is an improper authentication vulnerability in the devices' authentication module, and may allow unauthenticated attackers to grab system information by sending a specially crafted URL to a vulnerable device.

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to...

Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage devices. Zyxel NAS systems are used for storing data in a centralized location on the network.

Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks. [...]

Several distributed denial-of-service botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America, East Asia, and South Asia," Fortinet FortiGuard Labs researcher Cara Lin said.

A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices to use them for distributed denial-of-service attacks. In total, the malware targets no less than 22 known seccurity issues in various connected products, which include routers, DVRs, NVRs, WiFi communication dongles, thermal monitoring systems, access control systems, and solar power generation monitors.

Zyxel is warning its NAS devices users to update their firmware to fix a critical severity command injection vulnerability. Zyxel has provided no workarounds or mitigations for CVE-2023-27992 in its latest advisory, so users of the impacted NAS devices are recommended to apply the available security updates as soon as possible.

Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage devices that could result in the execution of arbitrary commands on affected systems. Tracked as CVE-2023-27992, the issue has been described as a pre-authentication command injection vulnerability.

Zyxel has released firmware patches for a critical vulnerability in some of its consumer network attached storage devices. CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a specially crafted HTTP request.

The U.S. Cybersecurity and Infrastructure Security Agency on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a denial-of-service condition and remote code execution.