Zyxel developers have alerted customers to two critical vulnerabilities in multiple firewalls and VPNs. Attackers can exploit these bugs without authentication, and problems can lead to denial of service and remote arbitrary code execution.Let me remind you that we also said that Zyxel firewalls and VPN gateways contain a built-in backdoor, and also that Hackers Attacked Critical Vulnerability in Zyxel Firewalls.
And also the media reported that Mirai Botnet Comes with new 11 Exploits to Attack Enterprise Devices by Zyxel.
This time, both vulnerabilities are related to buffer overflows and allow manipulation of memory, giving attackers the ability to write data outside the allocated partition.
Typically, such bugs cause crashes, but in some cases, successful exploitation helps to achieve code execution on a vulnerable device.
Vulnerabilities received the following identifiers:
- CVE-2023-33009: Buffer overflow related to the notification feature in some Zyxel products, allowing an unauthenticated attacker to remotely execute arbitrary code or create denial of service conditions (CVSS score of 9.8);
- CVE-2023-33010: A buffer overflow related to the ID handling feature in some Zyxel products, allowing an unauthenticated attacker to remotely execute arbitrary code or create denial of service conditions (CVSS score of 9.8).
Vulnerable to these issues are:
- Zyxel ATP versions ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2);
- Zyxel USG FLEX ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2);
- Zyxel USG FLEX50(W)/USG20(W)-VPN versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2);
- Zyxel VPN ZLD V4.30-V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2);
- Zyxel ZyWALL/USG versions from ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2).
It is worth saying that devices running these firmware versions are commonly used by small and medium businesses to protect their networks and provide secure network access (VPN) for remote and home workers.
Attackers keep a close eye on the appearance of critical bugs in such devices, as they allow access to corporate networks.
For this reason, the manufacturer recommends that owners of affected products install the latest security updates as soon as possible.
User Review( votes)