Zyxel Networks, a company that provides networking solutions for both professional and home environments, has just fixed some serious vulnerabilities in its firewalls that could have allowed hackers to gain full access to the internal corporate devices and networks they are supposed to protect. The security update has been quietly rolling out for a couple of weeks already; however, more details have recently emerged.
The vulnerability was registered as CVE-2022-30525 with a score of 9.8 (Critical). It was discovered by Rapid7 security researchers and described in their report. The affected devices belong to the USG FLEX, USG20-VPN, USG20W-VPN and ATP series with firmware version 5.21 or earlier. These products are typically used in branch offices and corporate offices for various purposes, from VPN service to SSL inspection, as well as for intrusion protection.
Firewalls are essential components for network security, especially for companies
According to the experimental exploit developed by the Rapid7 researchers, the potential consequences of a breach exploiting such flaws would be very serious. Indeed, an attacker could freely modify operating system files and execute commands, which would lead to network access and lateral movement within it.
According to Rapid7, at the time of discovery, there were over 16,000 vulnerable systems, so this security flaw could attract the attention of more than one hacker. For this reason, network administrators should update systems as soon as possible.