Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Published: 23/11/2024   Category: security


Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.



Zyxel firewalls are under active cyberattack after a critical security vulnerability was disclosed last week that could allow unauthenticated, remote arbitrary code execution.
The bug (CVE-2022-30525, CVSS 9.8) was silently patched in April, but no public disclosure was made until last Thursday, May 12, when Rapid7 released a technical report on the issue. It also debuted a working proof-of-concept exploit that clearly snagged the attention of the bad-actor set: Just one day later, in-the-wild attacks started.
Zyxel’s ATP, VPN, and USG FLEX series business firewalls are affected. Shadowserver identified nearly 21,000 potentially vulnerable devices hanging around as of Sunday, prompting US National Security Agency cyber director Rob Joyce to issue a call-to-patch tweet.
The vulnerability can be triggered via a device’s HTTP interface to open a reverse shell and allow code execution as the “nobody” user. The nobody user is less privileged than actual user accounts, but a successful attack could still allow a nefarious type to modify specific files and then execute some OS commands on a vulnerable device, Zyxel warned. In a worst-case scenario, attackers could potentially gain control of the host operating system, disabling the firewall and opening the network to follow-on attacks.
