Zyxel recently discovered two serious vulnerabilities in some of its networking gear and urged users to apply the patch immediately.
Both flaws are buffer overflows that allow denial-of-service (DoS) attacks and remote code execution (RCE). Both were found in some Zyxel firewall and VPN products, and both carry a severity score of 9.8 (critical). They are now tracked as CVE-2023-33009 and CVE-2023-33010.
"Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities," the company's security advisory reads. "Users are advised to install them for optimal protection."
Multiple devices affected
To check whether your endpoints are vulnerable, check whether they run any of this firmware:
Zyxel ATP firmware versions ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel USG FLEX firmware versions ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel USG FLEX50(W) / USG20(W)-VPN firmware versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel VPN firmware versions ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel ZyWALL/USG firmware versions ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2)
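As an added example (not code from Zyxel or from the original article), the check against the affected ranges listed above can be scripted for a device inventory. It assumes firmware strings are recorded in the article's notation ("ZLD V5.36 Patch 1"); the family keys, hostnames and inventory are constructed for illustration.

```python
import re

# Affected ranges transcribed from the list above:
# family -> (first affected, last affected) as (major, minor, patch).
# A version given without a patch level is treated as patch 0.
AFFECTED = {
    "ATP": ((4, 32, 0), (5, 36, 1)),
    "USG FLEX": ((4, 50, 0), (5, 36, 1)),
    "USG FLEX50(W) / USG20(W)-VPN": ((4, 25, 0), (5, 36, 1)),
    "VPN": ((4, 30, 0), (5, 36, 1)),
    "ZyWALL/USG": ((4, 25, 0), (4, 73, 1)),
}

# Assumption: versions use the article's notation, e.g. "ZLD V5.36 Patch 1".
_VERSION = re.compile(r"V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?", re.IGNORECASE)


def parse_zld(text):
    """Return (major, minor, patch) or raise ValueError."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def status(family, firmware):
    """Classify one device against the ranges above."""
    if family not in AFFECTED:
        return "unknown family"
    try:
        version = parse_zld(firmware)
    except ValueError:
        return "unparseable"  # needs a manual check, never assume it is safe
    first, last = AFFECTED[family]
    if version < first:
        return "not listed"  # older than the listed range; the list is silent on it
    return "affected" if version <= last else "fixed"


# Constructed sample inventory (hypothetical hostnames), not real devices.
INVENTORY = [
    ("fw-branch-1", "ATP", "ZLD V5.36 Patch 1"),
    ("fw-branch-2", "USG FLEX", "ZLD V5.36 Patch 2"),
    ("fw-hq", "ZyWALL/USG", "ZLD V4.73"),
    ("vpn-lab", "VPN", "firmware unknown"),
]


def audit(inventory):
    """Return (host, status) pairs for every inventory row."""
    return [(host, status(family, fw)) for host, family, fw in inventory]
```

Devices reported as "unparseable", "unknown family" or "not listed" should be checked by hand against the vendor advisory.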
While vendors are usually quick to release patches for high-severity flaws, organizations are not as diligent in applying them, risking data breaches and, in some cases, even ransomware.
SMBs may be particularly at risk because they are the target market for the affected products, which are used to protect their networks and to provide secure access for remote and home-based workers.
Now that Zyxel has released the patch, threat actors will be monitoring the open internet for vulnerable versions of these endpoints and will look for an opening to exploit.
via BleepingComputer