Security News

Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory published this week.

Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device" - Zyxel.

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "Small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "Sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet.

Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled. In the letter sent to customers, a copy of which security researcher JAMESWT shared on Twitter, the company says that a sophisticated threat actor is targeting USG/ZyWALL, USG FLEX, ATP, and VPN series devices running on-premises ZLD firmware.

Zyxel Communications announced the upcoming launch of a new WiFi 6 series, the DX3300, DX3301, EX3300, EX3301 and WX3100. This new offering will be one of Zyxel's most cost-competitive product series for migration to WiFi 6 Mesh and is a great choice for service providers who want to offer these capabilities under an existing copper or fiber infrastructure.

Zyxel Networks announced the addition of the USG FLEX firewall series to its signature Nebula Cloud Networking solution. Equipped with the newly-released firmware version ZLD5.0, the USG FLEX firewalls add the robust, intelligent network security capability that establishes Nebula as the most comprehensive cloud networking solution for SMBs and MSPs. The distribution of the workforce, initially driven by COVID-19 restrictions, presents businesses with the challenge of providing critical connectivity to network resources and assets to remote employees outside of the main office.

Zyxel Networks announced the launch of XGS1250-12 12-Port Web-Managed Multi-Gigabit Switch with 3-Port 10G and 1-Port 10G SFP+. Designed to optimize high-bandwidth applications in the home and office, such as HD multimedia content creation and storage, and high-speed WiFi 6 data and IoT traffic, the versatile XGS1250-12 switch features three multi-Gigabit ports to eliminate network bottlenecks for devices such as 10G NAS or servers, WiFi 6 access points and new 2.5G motherboards. The switch features eight Gigabit Ethernet ports, one 10G SFP+ port, and three Multi-Gigabit ports that support five speeds: 10 Gbps, 5 Gbps, 2.5 Gbps, 1 Gbps and 1 Gbps. The highest common link speed is automatically and independently negotiated with each connected device.

Zyxel Networks announced a partnership with WyreStorm who has recently extended their AV over IP line with the H.265 NetworkHD 110's. WyreStorm has added Zyxel's portfolio of Networked AV-enabled switches to their NetworkHD Series of AV over IP solutions. The addition of the Networked AV technology to many of Zyxel's switch families enables partners like WyreStorm to provide networked AV solutions that deliver uncompromising network streaming performance making high-quality, low latency video distribution easier and more efficient than ever before.

Zyxel Communications announced the launch of its portfolio of high-performance 10G PON ONT solutions, which includes the PX7511 AX6000 WiFi 6 XGS-PON VoIP Gateway ONT, PM7516 XGS-PON VoIP Bridge ONT with 10G LAN, and PM7010 XGS-PON SFP+ ONT. Zyxel 10G PON ONT solutions enable service providers to break free of the bandwidth limitations of GPON and rapidly monetize their networks through high-ARPU premium-tier residential services and commercial applications. In addition to significantly increasing the connections speeds to standard and prime subscribers by increasing the bandwidth to 10G, Zyxel 10G PON solutions enable service providers to offer higher-priced premium service tiers to subscribers who utilize high-bandwidth applications such as UHD 8K video streaming, AR/VR, IoT, and smart home devices.

Zyxel products are Linux-based, and Linux usernames and passwords are typically split between two files for security reasons. The early passwords of several Unix pioneers were cracked for fun in 2019 based on ancient password files embedded in the BSD-3 source code.