Skip to main content

Zyxel Releases Security Updates for Unauthenticated Remote Command Injection Vulnerability

Zyxel releases security updates for an OS command injection vulnerability affecting multiple firewall products

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Zyxel releases security updates for an OS command injection vulnerability affecting multiple firewall products


Threat details

Introduction

Zyxel has released a security update for a critical vulnerability, tracked as CVE-2022-30525, discovered by Rapid7 in April 2022. The vulnerability could allow a command injection in the CGI program in a number of firewall products. This could allow a remote unauthenticated attacker to modify specific files and then execute operating system (OS) commands on a vulnerable device.

A Metasploit exploit module has been developed for this vulnerability. An attacker could use the module to exploit CVE-2022-30525 and establish a remote shell.

 

Exploitation of CVE-2022-30525

There are reports that Zyxel products vulnerable to CVE-2022-30525 are being exploited in the wild.


Remediation advice

Affected organisation are encourage to review Zyxel's security advisory and apply relevant updates and mitigations.



Last edited: 16 May 2022 10:30 am