Zyxel finally patches dangerous VPN and Firewall flaws

News
By published

Updated firmware is now rolling out to address a critical-security vulnerability

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

The network equipment maker Zyxel has patched several of its business-grade VPN and firewall products to prevent hackers from exploiting a security flaw that could give them admin-level access to vulnerable devices.

The critical-severity vulnerability, tracked as CVE-2022-0342, affects business VPN and firewall products from the company’s USG/Zy Wall, USG Flex, ATP VPN and NSG (Nebula Security Gateway) series.

While the National Institute of Standards and Technology (NIST) has yet to provide the vulnerability with a security rating, Zyxel has given it a score of 9.8 out of a maximum of 10.

In a recently released security advisory, the company provided further details on the nature of the authentication bypass vulnerability found in the firmware of several of its products, saying:

“An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device.”

Vulnerable firewall and VPN products

According to Zyxel, the critical-severity vulnerability is present in the firmware of its USG/ZyWALL series versions 4.20-4.70, USG FLEX series versions 4.50-5.20, APT series versions 4.32-5.20, VPN series versions 4.30-5.20 and NSG series versions V1.20-V.133 Patch 4.

For its NSG series products, the company has released a hotfix for now though it plans to roll out a standard patch next month.

Read more

> Business VPN usage likely to remain high even as the pandemic subsides

> This company is giving away a free VPN to businesses and there's no catches

> How to build a free internet security suite using only standard Windows tools

The critical-severity vulnerability was discovered by Alessandro Sgreccia from Tecnical Service Srl and Roberto Garcia H and Victor Garcia R from Innotec Security.

While there are currently no public reports of this security flaw being exploited in the wild, Zyxel is advising its customers to install its latest firmware updates “for optimal protection”.

As Zyxel’s hardware devices are generally used in small to mid-sized environments to combine network access with security components that protect against malware, phishing and other malicious activity, organizations should update any affected hardware as soon as possible.

Via BleepingComputer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Best free Linux firewalls
SonicWall tells admins to patch worrying SSLVPN flaw immediately
Security
Zyxel says it won’t patch security flaws in its old routers
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
The best free firewall
Palo Alto Networks PAN-OS sees authentication bypass under attack from hackers
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
Latest in VPN Privacy & Security
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background
How to check if your VPN is working
Teenager playing on a gaming PC with two monitors
Is using a VPN while gaming cheating? 5 myths you shouldn't believe about gaming with a VPN
Neon blue email symbols on a black background
Why am I suddenly getting so many spam emails?
A computer file surrounded by red laser beams
Cover your tracks: the risk of sending unencrypted files
Using an Amazon Fire Stick on a Smart TV
How to use a VPN with Fire Stick
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
More about vpn privacy security
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address

What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background

How to check if your VPN is working
Compal Infinite Laptop

This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
See more latest
Most Popular
Compal Infinite Laptop
This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
Silicon Motion MonTian 128TB SSD
More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab
How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Asus Ascent GX10
Asus debuts its own mini AI supercomputer: Ascent GX10 costs $2999 and comes with Nvidia's GB10 Grace Blackwell Superchip
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Micron SOCAMM memory module
World's biggest RAM vendors develop superior memory form factor exclusively for Nvidia, sorry Intel and AMD