Critical vulnerability in Zyxel Firewalls

Overview

Zyxel have released a firmware update for their firewall and VPN products to address an authentication bypass vulnerability (CVE-2022-0342).

Impact

A remote attacker could bypass web authentication and obtain administrative access to the device.

Affected Products

  • USG/ZyWALL – ZLD V4.20 through to ZLD V4.70
  • USG FLEX – ZLD V4.50 through to ZLD V5.20
  • ATP – ZLD V4.32 through to ZLD V5.20
  • VPN – ZLD V4.30 through to ZLD V5.20
  • NSG – V1.20 through to V1.33 Patch 4
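
To check a device inventory against the ranges listed above, the following is an added example and not part of the original advisory or any Zyxel tooling. The hostnames and firmware strings are constructed, the string shape the regex accepts is an assumption, and bounds are treated as inclusive, with every build of a ZLD upper-bound version counted as affected because the list gives no patch level for it.

```python
import re

ANY_PATCH = float("inf")  # no patch level given in the list: treat every build as in range

# Ranges copied from the advisory's list, as (major, minor, patch); bounds inclusive.
AFFECTED = {
    "USG/ZyWALL": ((4, 20, 0), (4, 70, ANY_PATCH)),
    "USG FLEX": ((4, 50, 0), (5, 20, ANY_PATCH)),
    "ATP": ((4, 32, 0), (5, 20, ANY_PATCH)),
    "VPN": ((4, 30, 0), (5, 20, ANY_PATCH)),
    "NSG": ((1, 20, 0), (1, 33, 4)),  # "V1.33 Patch 4" is the last listed build
}

# Assumed string shape: optional "ZLD", "V<major>.<minor>", optional "Patch <n>".
VERSION_RE = re.compile(r"V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch), or None if no version can be read."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return (int(m[1]), int(m[2]), int(m[3] or 0))


def is_affected(family, firmware):
    """True/False for a known family and readable version, None if undetermined."""
    bounds = AFFECTED.get(family)
    version = parse_version(firmware)
    if bounds is None or version is None:
        return None  # do not guess: flag the device for manual review
    low, high = bounds
    return low <= version <= high


# Constructed sample inventory: (hostname, product family, reported firmware).
INVENTORY = [
    ("fw-branch-01", "USG FLEX", "ZLD V5.20"),
    ("fw-branch-02", "USG/ZyWALL", "ZLD V4.71"),
    ("gw-cloud-01", "NSG", "V1.33 Patch 4"),
    ("gw-cloud-02", "NSG", "V1.33 Patch 5"),
    ("vpn-hq-01", "VPN", "unknown"),
]


def triage(inventory):
    """Map each hostname to its is_affected() verdict."""
    return {host: is_affected(family, fw) for host, family, fw in inventory}


if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "ok", None: "REVIEW"}
    for host, verdict in triage(INVENTORY).items():
        print(f"{host:14} {labels[verdict]}")
```

Devices that return `None` have an unrecognised product family or an unreadable firmware string and should be checked by hand rather than assumed safe.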

Containment, Mitigations & Remediations

Update to the latest available version.

Indicators of Compromise

None listed.

Threat Landscape

Zyxel manufactures a wide range of products, which are quite common in small- and medium-sized enterprises (SMEs). These types of organisations may not have the awareness, processes or security maturity in place to fully understand their environments. SMEs also make up the majority of organisations in existence around the globe. While large organisations with large amounts of capital are desirable targets for threat actors, an easy way into multiple organisations by bypassing or evading their firewalls makes this vulnerability and attack vector an alluring prospect for cybercriminals.

MITRE Methodologies

Exploit Public-Facing Application – T1190

Further Information

Zyxel security advisory for authentication bypass vulnerability of firewalls