The Broadband Guide
SG
search advanced

Hackers are exploiting critical bug in Zyxel firewalls and VPNs

2022-05-17 18:11 by
Tags: , , ,

 

Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses.

Researchers on Thursday reported that they had found a vulnerability that affects Zyxel firewalls that allows an unauthenticated and remote attacker to launch a remote code execution (RCE). In a blog post, Rapid7 researchers said they reported the vulnerability - CVE-2022-30525 - on April 13 to Zyxel and the vendor issued a patch some two weeks later.

The vulnerability affects Zyxel firewalls that support zero touch provisioning (ZTP), which includes the ATP series, VPN series and the USG FLEX series, including USG20-VPN and USG20W-VPN.

In an advisory published by Zyxel alongside the patch, the company urged administrators to install the relevant update immediately. This sentiment was echoed on Twitter by the cybersecurity director of the NSA, such is the severity of the issue and popularity of Zyxel hardware.

The latest analysis shows that upwards of 15,000 vulnerable Zyxel products remain unpatched, the majority of which belong to companies based in France, Italy, Switzerland and the US, meaning the potential scope of attacks is significant.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About