Security News

A new Go-based malware named 'Zerobot' has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. The purpose of the malware is to add compromised devices to a distributed denial-of-service botnet to launch powerful attacks against specified targets.

Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage devices. Tracked as CVE-2022-34747, the issue relates to a "Format string vulnerability" affecting NAS326, NAS540, and NAS542 models.

Networking device maker Zyxel is warning customers today of a new critical remote code execution vulnerability impacting three models of its Networked Attached Storage products. "A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," explains the advisory.

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. CVE-2022-26531 - Several input validation flaws in command line interface commands for some versions of firewall, AP controller, and AP devices that could be exploited to cause a system crash.

Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. Large organizations use Zyxel products, and any exploitable flaws in them immediately capture the attention of threat actors.

The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.

The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system.

Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. It is unclear if these efforts are malicious or just researchers working to map up Zyxel devices currently exposed to adversary attacks.

A critical vulnerability affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it.Discovered by Rapid 7 researcher Jake Baines and disclosed to Zyxel on April 13, it was fixed by the company with patches released on April 28, but not publicly acknowledged by the company via an associated CVE or security advisory until now.