The popular manufacturer of routers, VPN routers and firewalls for companies, Zyxel, has suffered a serious security flaw in its operating system. This critical vulnerability is currently affecting several models widely used by small and medium-sized businesses, and even by individuals, and is that a possible remote attacker will be able to gain full control of the device. Do you want to know how it affects you and what you can do to solve this problem?
What vulnerability has been found?
The manufacturer Zyxel itself has reported that a critical vulnerability has been found that allows an attacker to bypass authentication, that is, the access control mechanism has not been correctly programmed in some versions of its VPN routers and firewalls, which which could allow a remote attacker to break into the device and gain full control with administrator privileges. Of course, if a remote attacker is able to take control of the VPN router or firewall, he could also compromise the entire local network of the user or company, since he could forward all his traffic to a server controlled by him before reaching the Internet. , with the aim of performing a complete interception of all communications.
This security flaw has a rating of 9.8 out of 10, that is, it has a critical vulnerability rating, and has been assigned the identifier CVE-2022-0342. The flaw was found by three security researchers who quickly contacted the manufacturer for a quick fix.
When a cybercriminal has full control over a router, be it a home or professional router, he can not only change any internal configuration, but forward all the traffic wherever he wants to carry out a Man in the Middle attack without anyone knowing, both for monitor the connections made so as to intervene and change the traffic as he wants.
It could also be the case that the company’s users are infected with ransomware to demand a ransom, that is, through the vulnerability of these Zyxel computers, the company’s internal network could be infected with ransomware and encrypt all files and completely block the business, something really serious.
Affected Zyxel Teams
The models of this manufacturer that are affected by the security flaw are the following:
- USG/ZyWALL with firmware ZLD V4.20 up to 4.70. The new version ZLD V4.71 solves this very serious security problem.
- USG FLEX with firmware ZLD 4.50 to 5.20. The new version ZLD 5.21 Patch 1 fixes the problem.
- ATP with firmware ZLD 4.32 up to 5.20. The new version ZLD 5.21 Patch 1 fixes the problem.
- VPN with firmware ZLD 4.30 up to 5.20. The new version ZLD 5.21 Patch 1 fixes the problem.
- NSG with ZLD firmware 1.20 through 1.33 Patch 4. Patch V1.33p4_WK11 is now available to install, although the new version V.1.33 Patch 5 will be available in a month.
As you can see, all Zyxel professional products have been affected by this serious brand security flaw. According to the manufacturer, they have no evidence that this security flaw has been exploited, but they recommend installing the new firmware as soon as possible to be as protected as possible. Whenever a security flaw like this occurs, it’s rare for brands to realize if someone has exploited it, however, now that it’s known, it’s very possible that cybercriminals are finishing their tools to exploit the flaw of security.
We recommend you access the official website of Zyxel Security Notices where you will find all the details of this serious security flaw.
