Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks

by Dan Goodin from Ars Technica - All content on (#5XV3X)
Hardware manufacturer Zyxel has issued patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide range of firewalls and VPN products the company sells to businesses.

The flaw is an authentication bypass vulnerability that stems from a lack of a proper access-control mechanism in the CGI (common gateway interface) of affected devices, the company said. Access control refers to a set of policies that rely on passwords and other forms of authentication to ensure resources or data are available only to authorized people. The vulnerability is tracked as CVE-2022-0342.

"The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device," Zyxel said in an advisory. The severity rating is 9.8 out of a possible 10.

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/