19 with 18 posters participating
Share this story
Hardware manufacturer Zyxel has issued patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide range of firewalls and VPN products the company sells to businesses.
The flaw is an authentication bypass vulnerability that stems from a lack of a proper access-control mechanism in the CGI (common gateway interface) of affected devices, the company said. Access control refers to a set of policies that rely on passwords and other forms of authentication to ensure resources or data are available only to authorized people. The vulnerability is tracked as CVE-2022-0342.
“The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device,” Zyxel said in an advisory. The severity rating is 9.8 out of a possible 10.
The vulnerability is present in the following devices:
Affected series Affected firmware version Patch availability USG/ZyWALL ZLD V4.20 through ZLD V4.70 ZLD V4.71 USG FLEX ZLD V4.50 through ZLD V5.20 ZLD V5.21 Patch 1 ATP ZLD V4.32 through ZLD V5.20 ZLD V5.21 Patch 1 VPN ZLD V4.30 through ZLD V5.20 ZLD V5.21 NSG V1.20 through V1.33 Patch 4 Hotfix V1.33p4_WK11* available now Standard patch V1.33 Patch 5 in May 2022
The advisory comes