Hackers are exploiting critical bug in Zyxel firewalls and VPNs

Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses.

Researchers on Thursday reported that they had found a vulnerability that affects Zyxel firewalls that allows an unauthenticated and remote attacker to launch a remote code execution (RCE). In a blog post, Rapid7 researchers said they reported the vulnerability - CVE-2022-30525 - on April 13 to Zyxel and the vendor issued a patch some two weeks later.

The vulnerability affects Zyxel firewalls that support zero touch provisioning (ZTP), which includes the ATP series, VPN series and the USG FLEX series, including USG20-VPN and USG20W-VPN.

In an advisory published by Zyxel alongside the patch, the company urged administrators to install the relevant update immediately. This sentiment was echoed on Twitter by the cybersecurity director of the NSA, such is the severity of the issue and popularity of Zyxel hardware.

The latest analysis shows that upwards of 15,000 vulnerable Zyxel products remain unpatched, the majority of which belong to companies based in France, Italy, Switzerland and the US, meaning the potential scope of attacks is significant.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules