Multiple vulnerabilities have been discovered in many Zyxel firewalls, access points and access point controllers. Customers should install the provided updates as soon as possible.
The IT company Zyxel, which specializes in network solutions and Internet access, has issued a security alert about multiple vulnerabilities in many of its firewalls, access points, and access point controllers. Although none of the vulnerabilities has been classified as critical, the company strongly advises applying the provided patches as soon as possible, as they could still be exploited by criminals and become part of an exploit chain. This is particularly important given that many large organizations use Zyxel products and hackers are particularly interested in such vulnerabilities to gain access to otherwise well-shielded networks.
Four dangerous vulnerabilities
The warning lists a total of four vulnerabilities. CVE-2022-0734 is a medium-severity cross-site scripting vulnerability in the Common Gateway Interface (CGI) component that allows attackers to use a script to steal cookies and session tokens stored in the user's browser. CVE-2022-26531 is a medium-severity improper input validation flaw in some command-line interface (CLI) commands that allows a locally authenticated attacker to cause a buffer overflow or a system crash. There is also a high-severity command injection flaw in some CLI commands, CVE-2022-26532, which allows a locally authenticated attacker to execute arbitrary operating system commands. Fourth in the bunch is CVE-2022-0910, a medium-severity authentication bypass vulnerability in the CGI component that allows attackers to bypass two-factor authentication by downgrading it to one-factor authentication via an IPsec VPN client.
Security updates are available
The vulnerabilities affect Zyxel's USG/ZyWALL, USG FLEX, ATP, VPN and NSG firewalls, the NXC2500 and NXC5500 AP controllers, and a number of access point products, including models from the NAP, NWA, WAC and WAX series. Security updates are now available for almost all of these models and should be installed as soon as possible. One complication is that administrators have to request a local hotfix for the AP controllers, since no other fix is publicly available. Among the firewalls, USG/ZyWALL is fixed in firmware version 4.72. USG FLEX, ATP and VPN need to be updated to ZLD version 5.30, and NSG products will get the fix via v1.33 Patch 5.
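The fixed versions named above can be turned into a quick inventory triage check. This is an added example, not code from Zyxel or 8com; the version-string formats accepted, the status labels and the sample hostnames are assumptions made for illustration.

```python
import re

# Minimum fixed versions as stated in the article: (major, minor, patch).
FIXED = {
    "USG/ZyWALL": (4, 72, 0),
    "USG FLEX": (5, 30, 0),
    "ATP": (5, 30, 0),
    "VPN": (5, 30, 0),
    "NSG": (1, 33, 5),
}
# Named in the article without a publicly downloadable fixed version.
HOTFIX_ONLY = {"NXC2500", "NXC5500"}
AP_SERIES = {"NAP", "NWA", "WAC", "WAX"}

# Assumed input formats: "4.71", "V5.30", "v1.33 Patch 5" (two-digit minor).
_VER = re.compile(r"v?(\d+)\.(\d+)(?:\s*patch\s*(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Turn a firmware version string into a comparable integer tuple."""
    m = _VER.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def assess(family, version):
    """Return a triage status (labels are this example's own) for one device."""
    if family in HOTFIX_ONLY:
        return "request-hotfix"          # fix must be requested from the vendor
    if family in AP_SERIES:
        return "check-vendor-advisory"   # article gives no AP version numbers
    if family not in FIXED:
        return "not-listed"
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown-version"         # never report unparsed input as patched
    return "patched" if current >= FIXED[family] else "update-required"

# Constructed sample inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("fw-hq", "USG FLEX", "5.21"),
    ("fw-branch", "USG/ZyWALL", "V4.72"),
    ("gw-cloud", "NSG", "v1.33 Patch 4"),
    ("apc-01", "NXC2500", "6.10"),
]

def report(inventory):
    return {host: assess(family, ver) for host, family, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```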
More at 8com.de
About 8com
The 8com Cyber Defense Center effectively protects the digital infrastructures of 8com's customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS) including certification according to current standards. Awareness measures, security training and incident response management round off the offer.