Security News

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
2022-05-13 11:37

A critical vulnerability affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered by Rapid7 researcher Jake Baines and disclosed to Zyxel on April 13, it was fixed by the company with patches released on April 28, but not publicly acknowledged by the company via an associated CVE or security advisory until now.

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability
2022-05-13 01:16

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company said in an advisory published Thursday.

Zyxel fixes firewall flaws that could lead to hacked networks
2022-05-12 18:13

Zyxel has fixed critical firewall vulnerabilities that could have allowed threat actors to gain full access to devices and the internal corporate networks they are designed to protect. Security researchers at Rapid7 found the flaw, which is now tracked as CVE-2022-30525, and disclosed it to Zyxel on April 13, 2022.

Zyxel silently fixes critical RCE vulnerability in firewall products
2022-05-12 18:13

Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. More specifically, security researchers at Rapid7 found the flaw, which is now tracked as CVE-2022-30525, and disclosed it to Zyxel on April 13, 2022.

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices
2022-03-31 23:02

Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory published this week.

Zyxel patches critical bug affecting firewall and VPN devices
2022-03-31 19:02

Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device" - Zyxel.

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack
2021-06-25 06:10

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet.

Zyxel Warns Customers of Attacks on Security Appliances
2021-06-24 19:02

Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled. In the letter sent to customers, a copy of which security researcher JAMESWT shared on Twitter, the company says that a sophisticated threat actor is targeting USG/ZyWALL, USG FLEX, ATP, and VPN series devices running on-premises ZLD firmware.

Zyxel adds new WiFi 6 Mesh products to its portfolio
2021-06-09 23:45

Zyxel Communications announced the upcoming launch of a new WiFi 6 series, the DX3300, DX3301, EX3300, EX3301 and WX3100. This new offering will be one of Zyxel's most cost-competitive product series for migration to WiFi 6 Mesh and is a great choice for service providers who want to offer these capabilities under an existing copper or fiber infrastructure.

Zyxel adds USG FLEX firewall to its Nebula Cloud Networking solution for SMBs and MSPs
2021-04-13 00:30

Zyxel Networks announced the addition of the USG FLEX firewall series to its signature Nebula Cloud Networking solution. Equipped with the newly-released firmware version ZLD5.0, the USG FLEX firewalls add the robust, intelligent network security capability that establishes Nebula as the most comprehensive cloud networking solution for SMBs and MSPs. The distribution of the workforce, initially driven by COVID-19 restrictions, presents businesses with the challenge of providing critical connectivity to network resources and assets to remote employees outside of the main office.