Zyxel addresses critical firewall, VPN flaws

Two critical security vulnerabilities impacting some Zyxel firewall and VPN offerings have been addressed in new software updates issued by the communications equipment firm, reports The Hacker News. Zyxel ATP versions ZLD V4.32 to V5.36 Patch 1, USG FLEX versions ZLD V4.50 to V5.36 Patch 1, USG FLEX50 (W) and USG20(W)-VPN versions ZLD V4.25 to V5.36, VPN versions ZLD V4.30 to V5.36 Patch 1, and ZyWALL/USG versions ZLD V4.25 to V4.73 Patch 1 have been affected by the flaws, tracked as CVE-2023-33009 and CVE-2023-33010, which could both be exploited to facilitate denial-of-service conditions and remote code execution. Both flaws have been identified and reported by TRAPA Security and STAR Labs SG researchers. Such updates come after Zyxel remediated the critical firewall vulnerability, tracked as CVE-2023-28771, which could be used for remote code execution. Mirai-linked attackers have since leveraged the vulnerability, also reported by TRAPA Security, in their attacks.