Zyxel patches critical bug affecting its firewall and VPN devices

Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices.

Zyxel’s security advisory refers to products from the USG/ZyWALL, USG FLEX, ATP, VPN, and NSG (Nebula Security Gateway) series.

Firewalls and VPNs affected

The vulnerability is tracked as CVE-2022-0342 and is serious: an attacker can exploit it without authentication to gain administrative access to the device.

The National Institute of Standards and Technology (NIST) has not provided a severity rating yet, but Zyxel’s assessment gives it a 9.8 score out of a maximum of 10.

“An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device” - Zyxel

The vulnerability is present in the firmware of the following Zyxel products that are still supported by the manufacturer:

  • USG/ZyWALL series firmware versions 4.20 through 4.70
  • USG FLEX series firmware versions 4.50 through 5.20
  • ATP series firmware versions 4.32 through 5.20
  • VPN series firmware versions 4.30 through 5.20
  • NSG series firmware versions V1.20 through V1.33 Patch 4

For NSG series products, the network hardware maker has so far released a hotfix and plans to roll out a standard patch in May 2022.
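
To triage a device inventory against the ranges listed above, the following Python check is an added example, not code from the article or from Zyxel. The hostnames and versions in INVENTORY are constructed, and the version-string format is assumed to match the strings used in the list; where the upper bound carries no patch level, any patch of that release is flagged as a conservative assumption.

```python
import re

# Affected ranges as listed in the article, inclusive at both ends.
AFFECTED = {
    "USG/ZyWALL": ("4.20", "4.70"),
    "USG FLEX": ("4.50", "5.20"),
    "ATP": ("4.32", "5.20"),
    "VPN": ("4.30", "5.20"),
    "NSG": ("V1.20", "V1.33 Patch 4"),
}
# Assumption: versions look like the article's strings, with a two-digit minor.
_VERSION = re.compile(r"^\s*V?(\d+)\.(\d{2})(?:\s+Patch\s+(\d+))?\s*$", re.I)

def parse_version(text):
    """'4.70' -> (4, 70, None); 'V1.33 Patch 4' -> (1, 33, 4); else None."""
    m = _VERSION.match(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), None if patch is None else int(patch)

def is_affected(series, version):
    """True/False per the listed ranges; None if the input cannot be judged."""
    v = parse_version(version)
    if series not in AFFECTED or v is None:
        return None  # fail closed: unknown series or version goes to review
    low, high = (parse_version(b) for b in AFFECTED[series])
    if (v[0], v[1], v[2] or 0) < (low[0], low[1], low[2] or 0):
        return False
    if high[2] is None:
        # Upper bound has no patch level: flag every patch of that release.
        return v[:2] <= high[:2]
    return (v[0], v[1], v[2] or 0) <= high

# Constructed inventory: (hostname, series, reported firmware version).
INVENTORY = [
    ("fw-hq-01", "ATP", "5.21"),
    ("nsg-01", "NSG", "V1.33 Patch 4"),
    ("nsg-02", "NSG", "V1.33 Patch 5"),
    ("fw-lab", "USG/ZyWALL", "4.7"),
]

def triage(inventory):
    labels = {True: "affected", False: "not in listed range", None: "review manually"}
    return {host: labels[is_affected(s, ver)] for host, s, ver in inventory}

if __name__ == "__main__":
    print(triage(INVENTORY))
```

The check works on the reported version string only, so it cannot tell whether the NSG hotfix mentioned above has been applied.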

The hardware devices above are typically used in small or mid-sized environments to combine network access, whether local or remote, with security components that can protect against malicious activity via malware or phishing.

Credited for discovering and reporting CVE-2022-0342 are Alessandro Sgreccia from Tecnical Service Srl, and Roberto Garcia H and Victor Garcia R from Innotec Security.

Zyxel is advising its customers to install the firmware updates “for optimal protection.” At the moment there are no public reports that CVE-2022-0342 is being exploited in attacks.
