Patch/Configuration Management, Endpoint/Device Security

Significant Zyxel vulnerabilities addressed

Zyxel has released fixes for at least 15 major security vulnerabilities impacting its network access storage devices, firewalls, and access points, according to SecurityWeek. Six different flaws, including command injection and authentication bypass bugs, impacting Zyxel's NAS226 and NAS542 devices could be leveraged to facilitate sensitive system data exfiltration and operating system command execution through malicious URLs. Meanwhile, Zyxel noted that its firewalls and access points are affected by vulnerabilities that could trigger widespread device exploitation for configuration file access, sensitive cookie exfiltration, command execution, and denial-of-service attacks. Threat actors could also leverage the firewall and access point bugs to facilitate URL changes in targeted devices' web GUI registration page. Such vulnerabilities have emerged amid the escalating number of Zyxel flaws featured in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, as well as the mounting number of Zyxel devices being added to DDoS botnets.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.