Zyxel has released patches to address four security flaws affecting its firewall, AP controller, and AP products that could be exploited to execute arbitrary operating system commands and steal select information.
The list of security holes is as follows:
CVE-2022-0734 – A cross-site scripting (XSS) vulnerability in some versions of firewalls can be exploited to access information stored in a user’s browser, such as cookies or session tokens, through a malicious script.
CVE-2022-26531 – Several input validation flaws in command-line interface (CLI) commands for some versions of firewalls, AP controllers, and AP devices that can be exploited to cause a system crash.
CVE-2022-26532 – A command injection vulnerability in the “packet trace” CLI command for some versions of firewalls, AP controllers, and AP devices could result in the execution of arbitrary operating system commands.
CVE-2022-0910 – An authentication bypass vulnerability affecting select firewall versions that could allow an attacker to downgrade from two-factor authentication to one-factor authentication through the IPsec VPN client.
Zyxel has published software patches for firewalls and AP devices, but hotfixes for AP controllers affected by CVE-2022-26531 and CVE-2022-26532 can be obtained only by contacting the respective local Zyxel support team.
The development comes as a critical command injection vulnerability in select versions of Zyxel firewalls (CVE-2022-30525, CVSS score: 9.8) has come under active exploitation, prompting the U.S. Cybersecurity and Infrastructure Security Agency to add the bug to its Known Exploited Vulnerabilities Catalog.