Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Published: 23/11/2024   Category: security




Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.



Zyxel firewalls are under active cyberattack after a critical security vulnerability was disclosed last week that could allow unauthenticated, remote arbitrary code execution.
The bug (CVE-2022-30525, CVSS 9.8) was silently patched in April, but no public disclosure was made until last Thursday, May 12, when Rapid7 released a technical report on the issue. It also debuted a working proof-of-concept exploit that clearly snagged the attention of the bad-actor set: Just one day later, in-the-wild attacks started.
Zyxel’s ATP, VPN, and USG FLEX series business firewalls are affected. Shadowserver identified nearly 21,000 potentially vulnerable devices hanging around as of Sunday, prompting US National Security Agency cyber director Rob Joyce to issue a call-to-patch tweet.
The vulnerability can be triggered via a device’s HTTP interface to open a reverse shell and allow code execution as the “nobody” user. The nobody user is less privileged than actual user accounts, but a successful attack could still allow a nefarious type to modify specific files and then execute some OS commands on a vulnerable device, Zyxel warned. In a worst-case scenario, attackers could potentially gain control of the host operating system, disabling the firewall and opening the network to follow-on attacks.
