
Zyxel Patches Critical Vulnerability That Allows Firewall and VPN Hijacks


    Hardware manufacturer Zyxel has released patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide variety of firewalls and VPN products that the company sells to businesses.

    The flaw is an authentication bypass vulnerability that stems from the lack of a proper access control mechanism in the CGI (common gateway interface) program of the affected devices, the company said. Access control is the set of checks, normally backed by passwords or other forms of authentication, that ensures resources or data are available only to authorized users; when the CGI program skips those checks, requests are handled whether or not the caller has logged in. The vulnerability is tracked as CVE-2022-0342.

    “The flaw could allow an attacker to bypass authentication and gain administrative access to the device,” Zyxel said in an advisory. The severity rating is 9.8 out of a possible 10.

    The vulnerability is present in the following devices:

    Affected series   Applicable firmware version    Patch availability
    USG/ZyWALL        ZLD V4.20 to ZLD V4.70         ZLD V4.71
    USG FLEX          ZLD V4.50 to ZLD V5.20         ZLD V5.21 Patch 1
    ATP               ZLD V4.32 to ZLD V5.20         ZLD V5.21 Patch 1
    VPN               ZLD V4.30 to ZLD V5.20         ZLD V5.21
    NSG               V1.20 to V1.33 Patch 4         Hotfix V1.33p4_WK11* now available;
                                                     default patch V1.33 Patch 5 in May 2022
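    The table above is what an administrator needs to decide whether a given device is still exposed, and in a fleet that check is worth scripting. The following is an added example, not code from Zyxel or from the original article: it parses ZLD firmware strings of the form "ZLD V5.21 Patch 1" (a version without a "Patch N" suffix is treated as patch 0), encodes the four ZLD rows of the table, and classifies each device as patched, affected, or not listed. "Not listed" covers firmware older than the affected range and the gap between the top of the affected range and the fixed release (for example USG FLEX on plain V5.21, which the table neither lists as affected nor as fixed), and should be treated as "verify with the vendor" rather than "safe". The NSG row is left out because its hotfix naming (V1.33p4_WK11) does not follow the same comparable scheme. The inventory rows are constructed sample data.

```python
import re
from typing import List, NamedTuple, Tuple


class ZldVersion(NamedTuple):
    """A ZLD firmware version; tuple ordering gives the right comparison."""
    major: int
    minor: int
    patch: int  # 0 when the string carries no "Patch N" suffix


# Accepts "ZLD V5.21 Patch 1", "V5.21 Patch 1", "ZLD V4.70", "V4.70".
_VERSION_RE = re.compile(
    r"^(?:ZLD\s*)?V(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?$", re.IGNORECASE
)


def parse_zld(text: str) -> ZldVersion:
    """Parse a ZLD version string; raises ValueError on anything unrecognised."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    major, minor, patch = m.groups()
    return ZldVersion(int(major), int(minor), int(patch or 0))


# (lowest affected, highest affected, fixed release) per series, copied from
# the CVE-2022-0342 advisory table for the ZLD-based product lines.
ADVISORY = {
    "USG/ZyWALL": ("ZLD V4.20", "ZLD V4.70", "ZLD V4.71"),
    "USG FLEX":   ("ZLD V4.50", "ZLD V5.20", "ZLD V5.21 Patch 1"),
    "ATP":        ("ZLD V4.32", "ZLD V5.20", "ZLD V5.21 Patch 1"),
    "VPN":        ("ZLD V4.30", "ZLD V5.20", "ZLD V5.21"),
}


def assess(series: str, firmware: str) -> str:
    """Return 'patched', 'affected' or 'not listed' for one device.

    'not listed' means the firmware is outside the advisory's affected range
    but below the fixed release (older than the range, or in the gap between
    the range and the fix); treat it as needing manual verification.
    """
    if series not in ADVISORY:
        raise KeyError(f"series {series!r} is not covered by the advisory table")
    low, high, fixed = (parse_zld(v) for v in ADVISORY[series])
    current = parse_zld(firmware)
    if current >= fixed:
        return "patched"
    if low <= current <= high:
        return "affected"
    return "not listed"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify every (series, firmware) pair in an inventory."""
    return [(series, fw, assess(series, fw)) for series, fw in inventory]


# Constructed sample inventory (hypothetical devices, not real data).
SAMPLE_INVENTORY = [
    ("ATP", "ZLD V5.10"),            # inside the affected range
    ("ATP", "ZLD V5.21 Patch 1"),    # exactly the fixed release
    ("USG FLEX", "ZLD V5.21"),       # above the range, below the fix: verify
    ("VPN", "ZLD V5.21"),            # VPN series is fixed at V5.21 itself
    ("USG/ZyWALL", "ZLD V4.11"),     # older than the listed range: verify
]

if __name__ == "__main__":
    for series, fw, status in triage(SAMPLE_INVENTORY):
        print(f"{series:<12} {fw:<20} {status}")
```

    Feed it the series and firmware string as reported by the device's own version display; the fixed-release thresholds are the ones the table gives, so a device on the patch release or later reports as patched and a device inside the affected range reports as affected.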

    The advisory comes after other hardware makers recently reported that their products have similar vulnerabilities that are being actively exploited in the wild. For example, Sophos said that an authentication bypass vulnerability that could allow remote code execution was recently fixed in Sophos Firewall v18.5 MR3 (18.5.3) and older. That flaw, CVE-2022-1040, has already been used to target businesses, mainly in Asia.

    Trend Micro also warned that hackers were exploiting a vulnerability in Trend Micro Apex Central that allowed the upload and execution of malicious files. That flaw is tracked as CVE-2022-26871.

    Zyxel attributed the discovery of CVE-2022-0342 to Alessandro Sgreccia of Tecnical Service SrL and Roberto Garcia H and Victor Garcia R of Innotec Security. There are no known reports of the vulnerability being actively exploited.