Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnThe Hacker NewsTHN:E7D9A8D38B2130B0AE79935F5863BF6C
HistoryJun 06, 2023 - 4:16 a.m.

Zyxel Firewalls Under Attack! Urgent Patching Required

2023-06-0604:16:00
The Hacker News
thehackernews.com
79
zyxel firewalls
urgent patching
buffer overflow
denial-of-service
remote code execution
vulnerable devices
patch release
vulnerability remediation
network security
http/https services
udp ports
gs1900 series switches
4g lte routers

EPSS

0.884

Percentile

98.8%

JSON

Zyxel Firewalls

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.

Patches to plug the security holes were released by Zyxel on May 24, 2023. The following list of devices are affected -

  • ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
  • USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
  • USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
  • VPN (versions ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and
  • ZyWALL/USG (versions ZLD V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2)

While the exact nature of the attacks is unknown, the development comes days after another flaw in Zyxel firewalls (CVE-2023-28771) has come under active exploitation to ensnare susceptible devices into a Mirai botnet.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by June 26, 2023, to secure their networks against possible threats.

Zyxel, in a new guidance issued last week, is also urging customers to disable HTTP/HTTPS services from WAN unless “absolutely” required and disable UDP ports 500 and 4500 if not in use.

The development also comes as the Taiwanese company released fixes for two flaws in GS1900 series switches (CVE-2022-45853) and 4G LTE and 5G NR outdoor routers (CVE-2023-27989) that could result in privilege escalation and denial-of-service (DoS).

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related

thn 7
rapid7blog 3
nessus 4
malwarebytes 1
nvd 5
prion 5
cvelist 5
cve 5
exploitdb 1
packetstorm 1
cisa_kev 3
attackerkb 3
githubexploit 3
zdt 1
metasploit 1
trellix 2
ics 1
thn
thn
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure
2023-11-16 06:06:00
Zyxel Issues Critical Security Patches for Firewall and VPN Products
2023-05-25 14:43:00
Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices
2023-06-20 12:12:00
rapid7blog
rapid7blog
Widespread Exploitation of Zyxel Network Devices
2023-05-31 14:11:17
What’s New in InsightVM and Nexpose: Q2 2023 in Review
2023-06-29 13:00:00
Metasploit Weekly Wrap-Up
2023-06-16 20:40:51
nessus
nessus
Zyxel USG < 4.35 / ATP < 4.35 / VPN < 4.35 / ZyWALL < 4.35 (RCE) (CVE-2020-9054)
2023-05-26 00:00:00
Zyxel Router Buffer Overflow Vulnerability (DoS)
2023-06-13 00:00:00
Zyxel USG < 5.36 / ATP < 5.36 / VPN < 5.36 / ZyWALL < 4.73 Patch 1 (RCE) (CVE-2023-28771)
2023-05-22 00:00:00
malwarebytes
malwarebytes
Zyxel patches two critical vulnerabilities
2023-05-26 15:00:00
nvd
nvd
CVE-2023-27989
2023-06-05 12:15:09
CVE-2023-33009
2023-05-24 13:15:09
CVE-2023-28771
2023-04-25 02:15:08
prion
prion
Buffer overflow
2023-06-05 12:15:00
Input validation
2023-04-25 02:15:00
Buffer overflow
2023-05-24 13:15:00
cvelist
cvelist
CVE-2023-27989
2023-06-05 11:02:54
CVE-2023-28771
2023-04-25 00:00:00
CVE-2023-33010
2023-05-24 00:00:00
cve
cve
CVE-2023-27989
2023-06-05 12:15:09
CVE-2023-33009
2023-05-24 13:15:09
CVE-2023-28771
2023-04-25 02:15:08
exploitdb
exploitdb
Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)
2024-06-14 00:00:00
packetstorm
packetstorm
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution
2023-06-09 00:00:00
cisa_kev
cisa_kev
Zyxel Multiple Firewalls Buffer Overflow Vulnerability
2023-06-05 00:00:00
Zyxel Multiple Firewalls OS Command Injection Vulnerability
2023-05-31 00:00:00
Zyxel Multiple Firewalls Buffer Overflow Vulnerability
2023-06-05 00:00:00
attackerkb
attackerkb
CVE-2023-33009
2023-05-24 00:00:00
CVE-2023-28771
2023-05-23 00:00:00
CVE-2023-33010
2023-05-24 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Zyxel Atp100 Firmware
2023-06-03 15:40:50
Exploit for OS Command Injection in Zyxel Atp100 Firmware
2023-05-23 02:37:39
Exploit for OS Command Injection in Zyxel Atp100 Firmware
2023-06-03 15:40:50
zdt
zdt
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Exploit
2023-06-12 00:00:00
metasploit
metasploit
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution
2023-05-22 17:03:58
trellix
trellix
The Bug Report - May 2023 Edition
2023-06-07 00:00:00
The Bug Report - May 2023 Edition
2023-06-07 00:00:00
ics
ics
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
2024-07-25 12:00:00

EPSS

0.884

Percentile

98.8%

JSON
Related for THN:E7D9A8D38B2130B0AE79935F5863BF6C
thn7rapid7blog3nessus4malwarebytes1nvd5prion5cvelist5cve5exploitdb1packetstorm1cisa_kev3attackerkb3githubexploit3zdt1metasploit1trellix2ics1