Security News
A critical vulnerability affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it.Discovered by Rapid 7 researcher Jake Baines and disclosed to Zyxel on April 13, it was fixed by the company with patches released on April 28, but not publicly acknowledged by the company via an associated CVE or security advisory until now.
Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company said in an advisory published Thursday.
Zyxel has fixed critical firewall vulnerabilities that could have allowed threat actors to gain full access to devices and the internal corporate networks they are designed to protect. Security researchers at Rapid7 found the flaw, which is now tracked as CVE-2022-30525, and disclosed it to Zyxel on April 13, 2022.
Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. More specifically, security researchers at Rapid7 found the flaw, which is now tracked as CVE-2022-30525, and disclosed it to Zyxel on April 13, 2022.
Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory published this week.
Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device" - Zyxel.
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "Small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "Sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet.
Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled. In the letter sent to customers, a copy of which security researcher JAMESWT shared on Twitter, the company says that a sophisticated threat actor is targeting USG/ZyWALL, USG FLEX, ATP, and VPN series devices running on-premises ZLD firmware.
Zyxel Communications announced the upcoming launch of a new WiFi 6 series, the DX3300, DX3301, EX3300, EX3301 and WX3100. This new offering will be one of Zyxel's most cost-competitive product series for migration to WiFi 6 Mesh and is a great choice for service providers who want to offer these capabilities under an existing copper or fiber infrastructure.
Zyxel Networks announced the addition of the USG FLEX firewall series to its signature Nebula Cloud Networking solution. Equipped with the newly-released firmware version ZLD5.0, the USG FLEX firewalls add the robust, intelligent network security capability that establishes Nebula as the most comprehensive cloud networking solution for SMBs and MSPs. The distribution of the workforce, initially driven by COVID-19 restrictions, presents businesses with the challenge of providing critical connectivity to network resources and assets to remote employees outside of the main office.