Networking gear manufacturer Zyxel has warned customers of multiple vulnerabilities recently discovered in a number of firewalls, AP and AP controller products. The vulnerabilities can be exploited to steal various data from the devices, crash them, run arbitrary OS commands and disable multi-factor authentication.
In isolation, the vulnerabilities aren’t particularly threatening, but they can be chained together to perform a more devastating attack. Given that many large enterprises use Zyxel gear, the company has urged its customers to patch up their endpoints immediately.
The four flaws in question are tracked as CVE-2022-0734, a CSS vulnerability in the CGI component; CVE-2022-26531, an improper validation flaw in some CLI commands; CVE-2022-26532, a command injection flaw in some CLI commands; and CVE-2022-0910 (6.5), an authentication bypass vulnerability in the CGI component.
Numerous devices affected
The devices affected by the flaws include USG/ZyWALL, USG FLEX, ATP, VPN, NSG firewalls, NXC2500 and NXC5500 AP controllers, and a range of Access Point products, including models of the NAP, NWA, WAC, and WAX series.
While the fixes are already available for most of the affected endpoints, administrators must ask their local service representative for AP controllers hotfix, as these are not available to the general public.
As BleepingComputer notes, US companies should make sure to patch up as soon as possible, given that they are heading into a holiday weekend. Threat actors are known to increase their activities during weekends and holidays, as those are the days when IT departments usually operate with a skeleton team.
Zyxel is a popular target for cybercrooks. Earlier this month, its VPN and firewall products were under attack, when a critical vulnerability tracked as CVE-2022-30525 – present in ATP, VPN and some USG FLEX series products – was discovered.
This flaw allowed threat actors to bypass authentication and achieve remote code execution.