
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

Description

[![Zyxel Firewalls RCE Vulnerability](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhIGKFPN0camWO34C8CoXpDcrZclcT7c6-ypv1tJcY-mfhQARONnbO0PaDlZboql9V42YAGaZgoPskGrVz5tPzQqvfdgYybZ-X2zOlmjtLVkz9OH5WANIuEnYBVQc30Kolkv9Rtc75D-jj23bTt3pHK7G32wtGGb5Nb8OWMmKPNyPHPG4WsAjmBdYDm/s728-e1000/firewall.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhIGKFPN0camWO34C8CoXpDcrZclcT7c6-ypv1tJcY-mfhQARONnbO0PaDlZboql9V42YAGaZgoPskGrVz5tPzQqvfdgYybZ-X2zOlmjtLVkz9OH5WANIuEnYBVQc30Kolkv9Rtc75D-jj23bTt3pHK7G32wtGGb5Nb8OWMmKPNyPHPG4WsAjmBdYDm/s728-e100/firewall.jpg>)

Image source: [z3r00t](<https://twitter.com/z3r00t/status/1524952406139748359>)

The U.S. Cybersecurity and Infrastructure Security Agency on Monday [added](<https://www.cisa.gov/uscert/ncas/current-activity/2022/05/16/cisa-adds-two-known-exploited-vulnerabilities-catalog>) two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its [Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), citing evidence of active exploitation.

Tracked as [CVE-2022-30525](<https://thehackernews.com/2022/05/zyxel-releases-patch-for-critical.html>), the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system.

Impacted devices include:

* USG FLEX 100, 100W, 200, 500, 700
* USG20-VPN, USG20W-VPN
* ATP 100, 200, 500, 700, 800, and
* VPN series

The issue, for which patches were released by the Taiwanese firm in late April (ZLD V5.30), became public knowledge on May 12 following a coordinated disclosure process with Rapid7.
[![Zyxel Firewalls RCE Vulnerability](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj1WgS1ZJQACshVW-DJuxbFN1iHDnt93hQWGDuUdrvFT4dN9O8VSRWqAhjBgBDvYEOeuWDABBmMFdDdZjPtw8HVPmDj4N9WfJc1aC7gLju41YxO0oHtqBseAEBBTmgg29o4K2uVe5SNz5zIxmHk_wjNbUHTIlA8zl4nN8jjTHbQqSwId4h-uhDHrVx5/s728-e1000/france.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj1WgS1ZJQACshVW-DJuxbFN1iHDnt93hQWGDuUdrvFT4dN9O8VSRWqAhjBgBDvYEOeuWDABBmMFdDdZjPtw8HVPmDj4N9WfJc1aC7gLju41YxO0oHtqBseAEBBTmgg29o4K2uVe5SNz5zIxmHk_wjNbUHTIlA8zl4nN8jjTHbQqSwId4h-uhDHrVx5/s728-e100/france.jpg>)

Source: [Shadowserver](<https://twitter.com/Shadowserver/status/1525771529941921792>)

Merely a day later, the Shadowserver Foundation [said](<https://twitter.com/Shadowserver/status/1525561213115158529>) it began detecting exploitation attempts, with most of the vulnerable appliances located in France, Italy, the U.S., Switzerland, and Russia.

Also added by CISA to the catalog is [CVE-2022-22947](<https://nvd.nist.gov/vuln/detail/CVE-2022-22947>), another code injection vulnerability in Spring Cloud Gateway that could be exploited to allow arbitrary remote execution on a remote host by means of a specially crafted request.

The vulnerability is rated 10 out of 10 on the CVSS vulnerability scoring system and has since been [addressed](<https://tanzu.vmware.com/security/cve-2022-22947>) in Spring Cloud Gateway versions 3.1.1 or later and 3.0.7 or later as of March 2022.

