Zyxel's security teams have fixed a dangerous vulnerability recently detected in some of the company's firewall solutions and recommend that customers update to a secure version as soon as possible. Described as an authentication bypass, the flaw stems from the absence of a proper access control mechanism in the CGI program of some Zyxel firewall versions.
According to the report, successful exploitation of this vulnerability would allow threat actors to bypass the authentication process and gain administrative access to the compromised device.
The manufacturer of routers, firewalls and other security solutions has already concluded its investigation, noting that all affected products continue to receive support and will receive relevant updates. The following table lists the affected products and versions:
The report was attributed to researchers Alessandro Sgreccia of Tecnical Service Srl, and Roberto García H and Víctor García of Innotec Security.
For more information on this security risk and how to mitigate it, you can contact Zyxel customer service or visit the company's official online platforms.