Zyxel Firewall Vulnerability lets Attackers Inject OS Commands

Recently, Zyxel, the networking equipment manufacturer, issued critical security patches for its firewall devices to fix a vulnerability that allows remote code execution (RCE) on affected systems.

The vulnerability, tracked as CVE-2023-28771, was discovered by TRAPA Security and is rated 9.8 on the CVSS scoring system, with a "Critical" severity tag.

Products Affected

The following products are impacted by this flaw:

  • ATP (Affected versions: ZLD V4.60 to V5.35, Patched version: ZLD V5.36)
  • USG FLEX (Affected versions: ZLD V4.60 to V5.35, Patched version: ZLD V5.36)
  • VPN (Affected versions: ZLD V4.60 to V5.35, Patched version: ZLD V5.36)
  • ZyWALL/USG (Affected versions: ZLD V4.60 to V4.73, Patched version: ZLD V4.73 Patch 1)
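As an added example (not code from Zyxel or from the original article), the affected-version ranges listed above can be checked against a firewall inventory. The inventory rows, hostnames and the `ZLD V<major>.<minor> [Patch N]` firmware string format are assumptions made for illustration.

```python
import re

# Affected range start and first fixed release per product line, taken from
# the list above. Tuples are (major, minor, patch_level).
ADVISORY = {
    "ATP":        ((4, 60, 0), (5, 36, 0)),
    "USG FLEX":   ((4, 60, 0), (5, 36, 0)),
    "VPN":        ((4, 60, 0), (5, 36, 0)),
    "ZyWALL/USG": ((4, 60, 0), (4, 73, 1)),  # fixed in V4.73 Patch 1
}

# Assumed firmware string format: "ZLD V5.35" or "ZLD V4.73 Patch 1".
_VERSION = re.compile(r"V(\d+)\.(\d+)(?:.*?Patch\s*(\d+))?", re.IGNORECASE)

def parse_zld(firmware):
    """Return (major, minor, patch_level); patch_level is 0 when absent."""
    m = _VERSION.search(firmware)
    if not m:
        raise ValueError(f"unrecognised firmware string: {firmware!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(product, firmware):
    """Classify one device as 'affected', 'patched' or 'not listed'."""
    if product not in ADVISORY:
        return "not listed"
    first_affected, first_fixed = ADVISORY[product]
    version = parse_zld(firmware)
    if version >= first_fixed:
        return "patched"
    # Releases older than the listed range are not covered by the list above.
    return "affected" if version >= first_affected else "not listed"

# Constructed inventory rows: (hostname, product line, firmware string).
INVENTORY = [
    ("fw-branch-01", "USG FLEX", "ZLD V5.35"),
    ("fw-branch-02", "ATP", "ZLD V5.36"),
    ("fw-legacy-01", "ZyWALL/USG", "ZLD V4.73"),
    ("fw-legacy-02", "ZyWALL/USG", "ZLD V4.73 Patch 1"),
    ("fw-old-01", "VPN", "ZLD V4.35"),
]

def audit(rows):
    """Map each hostname to its classification."""
    return {host: classify(product, fw) for host, product, fw in rows}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "not listed" run a release or product line outside the ranges given here and need to be checked against the vendor advisory separately.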

The flaw stems from improper error message handling in certain firewall versions. By exploiting it, unauthenticated attackers can execute OS commands on an affected device by sending specially crafted packets.

Moreover, Zyxel has addressed one medium-severity bug and five high-severity vulnerabilities that impact multiple firewalls and access point devices. These vulnerabilities may result in code execution and denial-of-service (DoS) conditions.

The credit for reporting the issues has been given to Nikita Abramov of Positive Technologies, a cybersecurity company based in Russia.

Additionally, Zyxel urged users to contact their local service rep or visit Zyxel’s Community for further information or assistance.

Source: https://cybersecuritynews.com/zyxel-firewall-vulnerability/


Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO