Hackers are Actively Exploiting Zyxel Firewalls RCE Vulnerability

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

On Monday, U.S CISA added two security flaws to its Known Exploited Vulnerabilities Catalog. One of the discovered flaws is the recently revealed remote code execution bug that affects Zyxel firewalls.

The High-severity vulnerability tracked as CVE-2022-30525 has a CVE score of 9.8. It is related to a command injection flaw found in some select versions of the Zyxel firewall that could enable an authenticated adversary to execute arbitrary commands on the underlying operating system.

The device affected by the CVE-2022-30525 include:

  • USG FLEX 100, 100W, 200, 500, 700
  • ATP 100, 200, 500, 700, 800, and
  • VPN series

In late April, the Taiwanese firm released a new firmware ZLD V5.30 to patch the above-mentioned vulnerability. Later on May 12, it was made publicly knowledgeable after a coordinated disclosure process with Rapid7.

Zyxel Firewall CVE vulnerabiliy
Zyxel Firewall CVE | Image Source: Shadowserver

Just a day after the disclosure process, nonprofit security organization “Shadowserver Foundation” started detecting notorious attempts to exploit the vulnerability. Zyxel firewall devices within France, Italy, U.S, Switzerland, and Russia are more likely to be affected by the vulnerability.

Another vulnerability added by CISA to its catalog tracked as CVE-2022-22947 got a rating of 10 (highest) on the CVSS vulnerability scoring system.

The high severity vulnerability is another code injection vulnerability in Spring Cloud Gateway and can be exploited to enable arbitrary remote execution on a remote host via a tailor-made request. Later it was addressed in Spring Cloud Gateway versions 3.1.1 and newer or 3.0.7 or newer.

Are you looking for more security updates? Subscribe to our Newsletter for the latest security news updates.

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This