Security
Headlines
HeadlinesLatestCVEs

Headline

Zyxel patches two critical vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Zyxel has released a security advisory about two critical vulnerabilities that could allow an unauthorized, remote attacker to take control of its firewall devices.

(Read more…)

The post Zyxel patches two critical vulnerabilities appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability#web#mac#dos#rce#buffer_overflow#auth

Zyxell has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on the affected Zyxell firewalls.

Affected users should patch as a matter of urgency, and we urge you not to expose the management interfaces of network edge devices to the Internet, in order to reduce their attack surface.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in these updates are:

CVE-2023-33009: A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1.

CVE-2023-33010: Another buffer overflow vulnerability in the ID processing function in the same Zyxel firmware versions.

A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region.

Both vulnerabilities received a CVSS score of 9.8 out of 10. In case that isn’t enough reason for you to act urgently, it is worth remembering that it only took four days for the first active exploitation to take place after Zyxel patched CVE-2022-30525 last year.

The security advisory lists the vulnerable firewall series that are within their vulnerability support period:

  • ATP versions ZLD V4.32 to V5.36 Patch 1 are covered by ZLD V5.36 Patch 2.
  • USG FLEX versions ZLD V4.50 to V5.36 Patch 1 are covered by ZLD V5.36 Patch 2.
  • USG FLEX50(W) / USG20(W)-VPN versions ZLD V4.25 to V5.36 Patch 1 are covered by ZLD V5.36 Patch 2.
  • VPN versions ZLD V4.30 to V5.36 Patch 1 are covered by ZLD V5.36 Patch 2.
  • ZyWALL/USG versions ZLD V4.25 to V4.73 Patch 1 are covered by ZLD V4.73 Patch 2.

How to install updates

Login to your ZLD appliance and go to Configuration → Licensing → Registration → Service and click the Service License Refresh button. This must be done before you can access your myZyxel account to download new firmware patches. This will sync necessary info with the myZyxel server (info like running firmware version, MAC Address, S/N, etc.).

Open an internet browser and go to URL: https://portal.myzyxel.com/ and login to your account.

Once in your account dashboard, find the ZLD router you wish to download firmware for and click on the Download button under the “Firmware Update” column.

Once downloaded, there may be up to four ways you can update the firmware, you can update the firmware manually via the Web GUI, you can FTP into the router and upload the firmware, you can utilize the Automatic Cloud Firmware update feature introduced on firmware version 4.25, or upgrade via USB flash drive.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Related news

CVE-2023-5593: Security Advisories | Zyxel Networks

The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.

Russian Hackers Launch 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023.  "22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace," Denmark's SektorCERT said [PDF]. "The

Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices

Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems. Tracked as CVE-2023-27992 (CVSS score: 9.8), the issue has been described as a pre-authentication command injection vulnerability. "The pre-authentication command injection vulnerability in some Zyxel

Zyxel Firewalls Under Attack! Urgent Patching Required

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a

Mirai Malware Hits Zyxel Devices After Command Injection Bug

By Deeba Ahmed A variant of the Mirai botnet is targeting Zyxel Firewalls after exploiting a newly patched operating system command injection vulnerability. This is a post from HackRead.com Read the original post: Mirai Malware Hits Zyxel Devices After Command Injection Bug

Mirai Malware Hits Zyxel Devices After Command Injection Bug

By Deeba Ahmed A variant of the Mirai botnet is targeting Zyxel Firewalls after exploiting a newly patched operating system command injection vulnerability. This is a post from HackRead.com Read the original post: Mirai Malware Hits Zyxel Devices After Command Injection Bug

Zyxel Issues Critical Security Patches for Firewall and VPN Products

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system. A brief description of the two issues is below - CVE-2023-33009 -

Zyxel Issues Critical Security Patches for Firewall and VPN Products

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system. A brief description of the two issues is below - CVE-2023-33009 -

CVE-2023-33010: Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls | Zyxel Networks

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

CVE-2023-33010: Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls | Zyxel Networks

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Zyxel Firewall SUID Binary Privilege Escalation

This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user (e.g. nobody) escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker provided script, resulting in code execution as root. In order to use this module, the attacker must first establish shell access. For example, by exploiting CVE-2022-30525. Known affected Zyxel models include USG FLEX (50, 50W, 100W, 200, 500, 700), ATP (100, 200, 500, 700, 800), VPN (50, 100, 300, 1000), USG20-VPN and USG20W-VPN.

Zyxel firewall vulnerabilities left business networks open to abuse

Severity of code execution bug mitigated by ‘high uptake’ of previous patch

Zyxel USG FLEX 5.21 Command Injection

Zyxel USG FLEX version 5.21 suffers from a command injection vulnerability.

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller and Firewall Devices

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734 - A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user's

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

Image source: z3r00t The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw

Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

Zyxel Firewall ZTP Unauthenticated Command Injection

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below.

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company said in an advisory

CVE-2022-30525: Zyxel security advisory for OS command injection vulnerability of firewalls

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

CVE-2022-30525: Zyxel security advisory for OS command injection vulnerability of firewalls

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.