Zyxel have released a firmware update for their firewall and VPN products to address an authentication bypass vulnerability (CVE-2022-0342).
A remote attacker could bypass web authentication and obtain administrative access to the device.
- USG/ZyWALL – ZLD V4.20 through to ZLD V4.70
- USG FLEX – ZLD V4.50 through to ZLD V5.20
- ATP – ZLD V4.32 through to ZLD V5.20
- VPN – ZLD V4.30 through to ZLD V5.20
- NSG – V1.20 through to V1.33 Patch 4
Containment, Mitigations & Remediations
Update to the latest available version.
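The following Python check is an added example, not part of the original advisory or any Zyxel tooling: it flags inventory rows whose firmware falls inside the affected ranges listed above. The model-name prefixes, the firmware string format and the sample inventory are assumptions constructed for illustration.

```python
import re

# Affected ranges copied from this advisory (inclusive). A bound without a patch
# level is compared on major.minor only, so any patch of that release counts as
# in range (a conservative assumption).
AFFECTED = [
    ("USG FLEX", (4, 50), (5, 20)),    # must be tested before the bare "USG" prefix
    ("USG",      (4, 20), (4, 70)),
    ("ZYWALL",   (4, 20), (4, 70)),
    ("ATP",      (4, 32), (5, 20)),
    ("VPN",      (4, 30), (5, 20)),
    ("NSG",      (1, 20), (1, 33, 4)),  # V1.33 Patch 4
]

VERSION_RE = re.compile(r"V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Turn 'ZLD V4.70' or 'V1.33 Patch 4' into (major, minor, patch), else None."""
    m = VERSION_RE.search(text)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def status(model, firmware):
    """Classify one inventory row against the advisory's ranges."""
    version = parse_version(firmware)
    name = model.upper().strip()
    for prefix, low, high in AFFECTED:
        if name.startswith(prefix):
            if version is None:
                return "unknown"        # version unreadable: check the device by hand
            in_range = low <= version[:len(low)] and version[:len(high)] <= high
            return "affected" if in_range else "not in range"
    return "not listed"                 # product line not named in the advisory

# Constructed sample inventory (model, firmware string as reported by the device).
INVENTORY = [
    ("USG FLEX 200", "ZLD V5.20"),
    ("USG60", "V4.71"),
    ("NSG50", "V1.33 Patch 2"),
    ("NSG100", "V1.33 Patch 5"),
    ("ATP500", "n/a"),
]

def audit(rows):
    return [(model, fw, status(model, fw)) for model, fw in rows]

if __name__ == "__main__":
    for model, fw, result in audit(INVENTORY):
        print(f"{model:14} {fw:16} {result}")
```

"not in range" only means the version falls outside the ranges listed here; rows marked "unknown" need a manual check.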
Indicators of Compromise
Zyxel manufactures a wide range of products, which are quite common in small- and medium-sized enterprises (SMEs). These types of organisations may not have the awareness, processes or security maturity in place to fully understand their environments. SMEs also make up the majority of organisations in existence around the globe, and while large organisations with large amounts of capital are desirable targets for threat actors, finding an easy way into multiple organisations by bypassing or evading their firewalls makes targeting this vulnerability and attack vector an alluring prospect to cybercriminals.
Exploit Public-Facing Application – T1190