The Hacker News reports that Zyxel has released fixes for a critical security flaw impacting its USG/ZyWALL, USG FLEX, ATP, VPN, and NSG offerings.
Zyxel describes the vulnerability, tracked as CVE-2022-0342, as follows: "an authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions." The company added that exploiting the bug could let attackers bypass authentication and obtain administrative access.
Users of the impacted devices have been urged to apply the patches immediately, even though the flaw has yet to be exploited in the wild.
Zyxel's patches follow fixes from Sophos and SonicWall for critical bugs in their firewall appliances that could allow arbitrary code execution.
The Cybersecurity and Infrastructure Security Agency has already added the Sophos flaw, tracked as CVE-2022-1040, as well as a high-severity Trend Micro vulnerability, tracked as CVE-2022-26871, to its list of known exploited vulnerabilities.