Attackers could target vulnerabilities in Zyxel firewalls and, in the worst case, execute their own commands with root privileges. Security updates are available.
The root vulnerability (CVE-2022-30526) has a threat level of “high“ classified. Local attackers could attack the CLI command component here. By successfully exploiting the second vulnerability (CVe-2022-2030 “medium’) attackers could gain unauthorized access to files.
According to an alert, the following series are vulnerable:
- ATP series
- USG FLEX 50(W) / USG20(W) VPN
- USG FLEX 100(W), 200, 500, 700
- VPN Series
Against the attacks is the version ZLD V5.31 secured. If you use the USG/ZyWALL series, you must use the secured firmware release ZLD V4.72 get it from support.
To home page