Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices

Products You May Like

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information.

The list of security vulnerabilities is as follows –

  • CVE-2022-0734 – A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user’s browser, such as cookies or session tokens, via a malicious script.
  • CVE-2022-26531 – Several input validation flaws in command line interface (CLI) commands for some versions of firewall, AP controller, and AP devices that could be exploited to cause a system crash.
  • CVE-2022-26532 – A command injection vulnerability in the “packet-trace” CLI command for some versions of firewall, AP controller, and AP devices that could lead to execution of arbitrary OS commands.
  • CVE-2022-0910 – An authentication bypass vulnerability affecting select firewall versions that could permit an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.
CyberSecurity

While Zyxel has published software patches for firewalls and AP devices, hotfix for AP controllers affected by CVE-2022-26531 and CVE-2022-26532 can be obtained only by contacting the respective local Zyxel support teams.

The development comes as a critical command injection flaw in select versions of Zyxel firewalls (CVE-2022-30525, CVSS score: 9.8) has come under active exploitation, prompting the U.S. Cybersecurity and Infrastructure Security Agency to add the bug to its Known Exploited Vulnerabilities Catalog.

Cyber Security

Products You May Like

Articles You May Like

Samsung Galaxy M13 5G With MediaTek Dimensity 700 SoC, 15W Charging Tipped; Expected to Launch in India Soon: Report
NASA’s Curiosity Rover Catches Glimpses of Ancient Ponds and Deserts on Mars
PlayStation 5 Slim: YouTuber Builds One That’s Only 2cm Thick
Bitcoin could plunge even further to a low of $13,000, one strategist warns
Asteroid Psyche Maps Hint at a World of Metal and Mystery Ahead of NASA’s August Mission

Leave a Reply

Your email address will not be published.