Zyxel Patches Critical Hijacking Vulnerability

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

reader comments

19 with 18 posters participating

Share this story

Hardware manufacturer Zyxel has issued patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide range of firewalls and VPN products the company sells to businesses.

The flaw is an authentication bypass vulnerability that stems from a lack of a proper access-control mechanism in the CGI (common gateway interface) of affected devices, the company said. Access control refers to a set of policies that rely on passwords and other forms of authentication to ensure resources or data are available only to authorized people. The vulnerability is tracked as CVE-2022-0342.

“The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device,” Zyxel said in an advisory. The severity rating is 9.8 out of a possible 10.

The vulnerability is present in the following devices:

Affected series Affected firmware version Patch availability USG/ZyWALL ZLD V4.20 through ZLD V4.70 ZLD V4.71 USG FLEX ZLD V4.50 through ZLD V5.20 ZLD V5.21 Patch 1 ATP ZLD V4.32 through ZLD V5.20 ZLD V5.21 Patch 1 VPN ZLD V4.30 through ZLD V5.20 ZLD V5.21 NSG V1.20 through V1.33 Patch 4 Hotfix V1.33p4_WK11* available now Standard patch V1.33 Patch 5 in May 2022

The advisory comes

Read more

Explore the site

More from the blog

Latest News