1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Zyxel raises the alarm over new security holes in firewalls, othe

    From TechnologyDaily@1337:1/100 to All on Fri May 27 15:45:04 2022
    Zyxel raises the alarm over new security holes in firewalls, other products

    Date:
    Fri, 27 May 2022 14:29:59 +0000

    Description:
    The flaws can be chained together for an almighty attack.

    FULL STORY ======================================================================

    Networking gear manufacturer Zyxel has warned customers of multiple vulnerabilities recently discovered in a number of firewalls , AP and AP controller products. The vulnerabilities can be exploited to steal various data from the devices, crash them, run arbitrary OS commands and disable multi-factor authentication.

    In isolation, the vulnerabilities arent particularly threatening, but they
    can be chained together to perform a more devastating attack. Given that many large enterprises use Zyxel gear, the company has urged its customers to
    patch up their endpoints immediately.

    The four flaws in question are tracked as CVE-2022-0734, a CSS vulnerability in the CGI component; CVE-2022-26531, an improper validation flaw in some CLI commands; CVE-2022-26532, a command injection flaw in some CLI commands; and CVE-2022-0910 (6.5), an authentication bypass vulnerability in the CGI component.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Numerous devices affected

    The devices affected by the flaws include USG/ZyWALL, USG FLEX, ATP, VPN ,
    NSG firewalls, NXC2500 and NXC5500 AP controllers, and a range of Access
    Point products, including models of the NAP, NWA, WAC, and WAX series.

    While the fixes are already available for most of the affected endpoints, administrators must ask their local service representative for AP controllers hotfix, as these are not available to the general public. Read more

    WatchGuard firewalls exploited by Russian hackers, CISA warns


    This devious cyberattack might be selling off your internet bandwidth


    These popular VPNs, firewalls are actively under attack

    As BleepingComputer notes, US companies should make sure to patch up as soon as possible, given that they are heading into a holiday weekend. Threat
    actors are known to increase their activities during weekends and holidays,
    as those are the days when IT departments usually operate with a skeleton team.

    Zyxel is a popular target for cybercrooks. Earlier this month, its VPN and firewall products were under attack, when a critical vulnerability tracked as CVE-2022-30525 - present in ATP, VPN and some USG FLEX series products - was discovered.

    This flaw allowed threat actors to bypass authentication and achieve remote code execution. Shield against one of the most common attacks of all with the best ransomware protection services

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/zyxel-raises-the-alarm-over-new-security-holes- in-firewalls-other-products/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)