Firewall Vulnerability

Zyxel vulnerability makes attacker administrator of firewall

Network manufacturer Zyxel warns of a critical vulnerability that could allow an attacker to become administrator of Zyxel firewalls. The devices contain a vulnerability that could allow an attacker to bypass authentication and gain administrative access to the device. The impact of the leak, designated CVE-2022-0342, has been rated 9.8 on a scale of 1 to 10. Zyxel has released firmware updates for several firewall series: the USG/ZyWALL, USG FLEX, ATP, VPN and NSG. Last year, another vulnerability in these devices was still actively used in attacks. Zyxel therefore advises customers to install the update for “optimal protection”.