Cybercriminals are launching attacks against vulnerable VPN and firewall devices from Zyxel, security researchers have warned.
By leveraging a critical vulnerability tracked as CVE-2022-30525 – present in ATP, VPN and some USG FLEX series products – attackers are able to bypass authentication and achieve remote code execution.
Although Zyxel rolled out a fix for the security bug last week, thousands of administrators have failed to install the necessary patch and the exploit is now being utilized openly in the wild.
Zyxel VPN vulnerability
The vulnerability in Zyxel’s business VPN devices was first identified by security firm Rapid7, which assisted the company with the remediation.
In a blog post detailing the bug, Rapid7 warned that attackers could abuse the issue to establish a reverse shell, a type of session that facilitates communication between the attacker and the target machine and sets the stage for further attacks.
The result is that the attacker could effectively seize full control of systems that are otherwise protected by a firewall and other network security measures.
In an advisory published by Zyxel alongside the patch, the company urged administrators to install the relevant update immediately. This sentiment was echoed on Twitter by the cybersecurity director of the NSA, such is the severity of the issue and popularity of Zyxel hardware.
The latest analysis shows that upwards of 15,000 vulnerable Zyxel products remain unpatched, the majority of which belong to companies based in France, Italy, Switzerland and the US, meaning the potential scope of attacks is significant.
To help organizations shield against and mitigate attacks, multiple security researchers have published useful resources online. A team operating under Spanish telecoms firm Telefonica, for example, has released a program that scans for vulnerable endpoints, and another researcher has published a tool to help detect intrusions related to the flaw.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba