
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now

April 28, 2023

Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems.

The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw.

“Poor mistake concept handling in some firewall variations could allow for an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an influenced gadget,” Zyxel reported in an advisory on April 25, 2023.

Products impacted by the flaw are –

  • ATP (versions ZLD V4.60 to V5.35, patched in ZLD V5.36)
  • USG FLEX (versions ZLD V4.60 to V5.35, patched in ZLD V5.36)
  • VPN (versions ZLD V4.60 to V5.35, patched in ZLD V5.36), and
  • ZyWALL/USG (versions ZLD V4.60 to V4.73, patched in ZLD V4.73 Patch 1)

Zyxel has also addressed a high-severity post-authentication command injection vulnerability impacting select firewall versions (CVE-2023-27991, CVSS score: 8.8) that could allow an authenticated attacker to execute some OS commands remotely.

The shortcoming, which impacts ATP, USG FLEX, USG FLEX 50(W) / USG20(W)-VPN, and VPN devices, has been fixed in ZLD V5.36.

Lastly, the company also shipped fixes for five high-severity flaws impacting several firewalls and access point (AP) devices (from CVE-2023-22913 to CVE-2023-22918) that could result in code execution and cause a denial-of-service (DoS) condition.

Nikita Abramov from Russian cybersecurity firm Positive Technologies has been credited with reporting the issues. Earlier this year, Abramov also found four command injection and buffer overflow vulnerabilities in CPE, fiber ONTs, and WiFi extenders.

The most critical of the flaws is CVE-2022-43389 (CVSS score: 9.8), a buffer overflow vulnerability impacting 5G NR/4G LTE CPE devices.

“It did not call for authentication to be exploited and led to arbitrary code execution on the unit,” Abramov explained at the time. “As an end result, an attacker could get remote entry to the machine and fully manage its procedure.”

Some parts of this article are sourced from:
thehackernews.com
