Zyxel recently discovered two critical vulnerabilities in some of its networking gear and has urged users to apply the patch immediately.
Both vulnerabilities are buffer overflows, allowing for denial-of-service (DoS) attacks, as well as remote code execution (RCE), and both were found in some of Zyxel’s firewall and VPN products, and carry a severity score of 9.8 (critical). They are now being tracked as CVE-2023-33009, and CVE-2023-33010.
“Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities,” the company’s security advisory reads. “Users are advised to install them for optimal protection.”.
Numerous devices affected
To check whether or not your endpoints are vulnerable, inspect if they’re powered by this firmware:
- Zyxel ATP firmware versions ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel USG FLEX firmware versions ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel USG FLEX50(W) / USG20(W)-VPN firmware versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel VPN firmware versions ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel ZyWALL/USG firmware versions ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2)
While vendors are usually quick to issue patches for high-severity flaws, organizations aren’t that diligent with applying them, risking data breaches, and in some cases even ransomware.
SMBs could be particularly at risk as these are the typical target markets for the affected products, used to protect their networks and allow secure access for remote workers and home-office employees.
How that Zyxel released the patch, threat actors will monitor the open internet for vulnerable versions of the endpoints and will look for an opening to exploit.