Front Page: NCSC-FI

Critical vulnerability in Zyxel firewall products

Vulnerability 18/2021

Network device manufacturer Zyxel has reported that an advanced adversary is exploiting a vulnerability in specific firewall devices. Exploitation began on June 22nd. Zyxel has released a patch and instructions for mitigating the issue.

The vulnerability was published on June 24th, 2021. It is considered critical because the targeted devices are exposed to the internet by design, which makes them very attractive targets for attackers.

Attackers have bypassed authentication on the device and established SSL-VPN connections using unknown user accounts, thereby gaining access to internal networks.
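
A defensive check for the activity described above, as an added example that is not from Zyxel or NCSC-FI: it lists SSL-VPN logins made since the stated start of exploitation by accounts that are missing from the administrators' own user inventory. The log layout, account names and addresses are constructed for illustration and are not the Zyxel log format.

```python
import re
from datetime import datetime

# Constructed sample events in a generic key=value layout (an assumption,
# not the Zyxel log format). Adapt PATTERN to the device's real log export.
SAMPLE_LOG = """\
2021-06-20T08:12:03 type=sslvpn action=login user=alice src=198.51.100.7
2021-06-22T23:41:10 type=sslvpn action=login user=tmpuser7 src=203.0.113.50
2021-06-23T07:55:42 type=sslvpn action=login user=Bob src=198.51.100.9
2021-06-23T09:02:17 type=admin action=login user=admin src=192.0.2.10
2021-06-24T02:13:37 type=sslvpn action=login user=tmpuser7 src=203.0.113.51
2021-06-24T03:00:00 type=sslvpn action=logout user=tmpuser7 src=203.0.113.51
"""

KNOWN_USERS = {"alice", "bob"}        # accounts the administrators created (constructed)
WINDOW_START = datetime(2021, 6, 22)  # start of exploitation as stated in the advisory

PATTERN = re.compile(
    r"^(?P<ts>\S+) type=sslvpn action=login user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def unknown_vpn_logins(log_text, known_users, since):
    """Return {user: [(timestamp, source_ip), ...]} for SSL-VPN logins by
    accounts missing from the inventory, on or after `since`."""
    findings = {}
    for line in log_text.splitlines():
        m = PATTERN.match(line.strip())
        if not m:
            continue  # other event types (admin login, logout) or unparsable lines
        ts = datetime.fromisoformat(m["ts"])
        user = m["user"].lower()  # inventory is lowercase; compare case-insensitively
        if ts >= since and user not in known_users:
            findings.setdefault(user, []).append((ts, m["src"]))
    return findings

if __name__ == "__main__":
    hits = unknown_vpn_logins(SAMPLE_LOG, KNOWN_USERS, WINDOW_START)
    for user, events in hits.items():
        print(f"unknown SSL-VPN account {user!r}: {len(events)} login(s)")
        for ts, src in events:
            print(f"  {ts.isoformat()} from {src}")
```

Any account this reports should be compared against the device's configured user list as well, since an account that was never created by an administrator may still be present in the configuration.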

Zyxel has released a mitigating patch and a guide on best practices related to remotely accessible network devices.

Target

  • Network devices

Attack vector

  • Remote

Impact

  • Security bypass

Exploit seen live

  • In the wild

Remediation

  • Software update patch

Subject of vulnerability

Zyxel VPN, ZyWALL, USG, ATP and USG FLEX devices

What is it about?

Zyxel is distributing a remediating patch and instructions for reducing the possible attack surface.