Zyxel says its firewall and VPN tools have serious security flaws, so patch now
Zyxel recently discovered two critical vulnerabilities in some of its networking gear and urged users to apply patches immediately.
Both vulnerabilities are buffer overflows, which allow denial-of-service (DoS) attacks as well as remote code execution (RCE). Both were found in some of Zyxel’s firewall and VPN products and have a severity score of 9.8 (critical). They are now being tracked as CVE-2023-33009 and CVE-2023-33010.
The company’s security advisory reads, “Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities. Users are advised to install them for optimum protection.”
Multiple devices affected
To check whether your devices are vulnerable, see if they run any of the following firmware versions:
- Zyxel ATP Firmware Version ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel USG FLEX Firmware Version ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel USG FLEX50(W) / USG20(W)-VPN Firmware Version ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel VPN Firmware Version ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel ZyWALL/USG Firmware Version ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2)
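The check against the list above can be scripted for a device inventory. The following is an added example, not part of the original article and not Zyxel tooling; the family labels used as keys, the function names and the sample inventory are assumptions, and version strings are assumed to be written in the article's notation ("ZLD V5.36 Patch 1").

```python
import re

# Affected ranges as listed in the article: family -> (first, last) affected version.
# Versions are (major, minor, patch) tuples; a version with no "Patch N" is patch 0.
AFFECTED = {
    "ATP": ((4, 32, 0), (5, 36, 1)),
    "USG FLEX": ((4, 50, 0), (5, 36, 1)),
    "USG FLEX50(W) / USG20(W)-VPN": ((4, 25, 0), (5, 36, 1)),
    "VPN": ((4, 30, 0), (5, 36, 1)),
    "ZyWALL/USG": ((4, 25, 0), (4, 73, 1)),
}

# Assumed input notation, matching the article: "ZLD V5.36 Patch 1" or "V4.32".
_VERSION_RE = re.compile(r"^\s*(?:ZLD\s+)?V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.I)

def parse_version(text):
    """Turn 'ZLD V5.36 Patch 1' into the comparable tuple (5, 36, 1)."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised firmware version {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)

def is_affected(family, version_text):
    """True if the version lies inside the listed affected range (inclusive)."""
    if family not in AFFECTED:
        raise ValueError(f"unknown product family {family!r}")
    first, last = AFFECTED[family]
    return first <= parse_version(version_text) <= last

def audit(inventory):
    """Classify (host, family, version) rows; bad rows are flagged, not skipped."""
    report = []
    for host, family, version in inventory:
        try:
            status = "AFFECTED" if is_affected(family, version) else "outside listed range"
        except ValueError as exc:
            status = f"manual review: {exc}"
        report.append((host, status))
    return report

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = [
        ("fw-branch-01", "ATP", "ZLD V5.36 Patch 1"),
        ("fw-branch-02", "USG FLEX", "ZLD V5.36 Patch 2"),
        ("fw-lab-01", "VPN", "5.36p1"),
    ]
    for host, status in audit(sample):
        print(f"{host}: {status}")
```

A row reported as "outside listed range" only means the version is not in the ranges quoted here; rows flagged for manual review should be checked by hand rather than assumed patched.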
While vendors are usually quick to issue patches for high-severity flaws, organizations are not diligent in implementing them, risking data breaches and, in some cases, even ransomware.
SMBs may be particularly at risk because they are the typical target market for the affected products, which are used to protect their networks and allow secure access for remote and home-office workers.
Because of how Zyxel released the patch, threat actors will monitor the open Internet for vulnerable versions of endpoints and look for an opening to exploit.