1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Zyxel says its firewall and VPN devices have critical security fl

    From TechnologyDaily@1337:1/100 to All on Fri May 26 15:00:04 2023
    Zyxel says its firewall and VPN devices have critical security flaws, so
    patch now

    Date:
    Fri, 26 May 2023 13:47:11 +0000

    Description:
    Zyxel patches two flaws with a 9.8 vulnerability score, and urges its users
    to apply the fix immediately.

    FULL STORY ======================================================================

    Zyxel recently discovered two critical vulnerabilities in some of its networking gear and has urged users to apply the patch immediately.

    Both vulnerabilities are buffer overflows, allowing for denial-of-service (DoS) attacks, as well as remote code execution (RCE), and both were found in some of Zyxels firewall and VPN products, and carry a severity score of 9.8 (critical). They are now being tracked as CVE-2023-33009, and CVE-2023-33010.

    Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities, the companys security advisory reads. Users are advised to install them for optimal protection.. Numerous devices affected

    To check whether or not your endpoints are vulnerable, inspect if theyre powered by this firmware: Zyxel ATP firmware versions ZLD V4.32 to V5.36
    Patch 1 (fixed in ZLD V5.36 Patch 2) Zyxel USG FLEX firmware versions ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2) Zyxel USG FLEX50(W) / USG20(W)-VPN firmware versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2) Zyxel VPN firmware versions ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2) Zyxel ZyWALL/USG firmware versions ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2) Read more

    Cisco reveals major AnyConnect VPN security flaw


    Zyxel WAX610D WiFi 6 PoE Access Point review


    These are the best small business routers right now

    While vendors are usually quick to issue patches for high-severity flaws, organizations arent that diligent with applying them, risking data breaches, and in some cases even ransomware .

    SMBs could be particularly at risk as these are the typical target markets
    for the affected products, used to protect their networks and allow secure access for remote workers and home-office employees.

    How that Zyxel released the patch, threat actors will monitor the open internet for vulnerable versions of the endpoints and will look for an
    opening to exploit. Check out our list of the best endpoint protection around

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/zyxel-says-its-firewall-and-vpn-devices-have-cr itical-security-flaws-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)