Zyxel patches critical bug affecting firewall and VPN devices – BleepingComputer


Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices.

Zyxel’s security advisory refers to products from the USG/ZyWALL, USG FLEX, ATP, VPN, and NSG (Nebula Security Gateway) series.

Firewalls and VPNs affected

The vulnerability, tracked as CVE-2022-0342, is serious: an attacker can exploit it without authentication to gain administrative access to the device.

The National Institute of Standards and Technology (NIST) has not provided a severity rating yet, but Zyxel’s assessment gives it a 9.8 score out of a maximum of 10.

“An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device” – Zyxel

The vulnerability is present in the firmware of the following Zyxel products that are still supported by the manufacturer:

  • USG/ZyWALL series firmware versions 4.20 through 4.70
  • USG FLEX series firmware versions 4.50 through 5.20
  • ATP series firmware versions 4.32 through 5.20
  • VPN series firmware versions 4.30 through 5.20
  • NSG series firmware versions V1.20 through V1.33 Patch 4

For NSG series products, the network hardware maker has released a hotfix for now and plans to roll out a standard patch in May 2022.
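
An inventory check against the firmware ranges listed above, as an added example (not Zyxel's or BleepingComputer's code). The hostnames and inventory rows are constructed, and the version-string format is assumed to match the way the article writes versions; fixed firmware versions are not named in the article, so the check only reports whether a version falls inside the listed ranges.

```python
import re

# Affected ranges as listed in the article (inclusive). A bound with two
# fields ignores patch level, so "5.20 Patch 1" is still treated as in range.
AFFECTED = {
    "USG/ZYWALL": ((4, 20), (4, 70)),
    "USG FLEX": ((4, 50), (5, 20)),
    "ATP": ((4, 32), (5, 20)),
    "VPN": ((4, 30), (5, 20)),
    "NSG": ((1, 20), (1, 33, 4)),  # "V1.20 through V1.33 Patch 4"
}
# Assumed input format, mirroring the article: "4.70", "V1.33 Patch 4".
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\s+patch\s*(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch) or None if the string is not recognised."""
    m = VERSION_RE.match(text.strip())
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def in_affected_range(series, version_text):
    """True/False for a listed series; None if series or version is unknown."""
    bounds = AFFECTED.get(series.strip().upper())
    ver = parse_version(version_text)
    if bounds is None or ver is None:
        return None
    low, high = bounds
    return low <= ver[:len(low)] and ver[:len(high)] <= high

def triage(inventory):
    """Group hosts by verdict; 'outside_listed_range' only means not in the list."""
    keys = {True: "affected", False: "outside_listed_range", None: "manual_check"}
    report = {name: [] for name in keys.values()}
    for host, series, version in inventory:
        report[keys[in_affected_range(series, version)]].append(host)
    return report

# Constructed sample inventory: (hostname, product series, firmware version).
SAMPLE_INVENTORY = [
    ("fw-hq-01", "USG FLEX", "5.20"),
    ("fw-branch-02", "ATP", "5.21"),
    ("vpn-gw-03", "VPN", "4.30"),
    ("nsg-site-04", "NSG", "V1.33 Patch 4"),
    ("nsg-site-05", "NSG", "V1.33 Patch 5"),
    ("fw-lab-06", "USG/ZyWALL", "4.7x-custom"),
]

if __name__ == "__main__":
    for verdict, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{verdict}: {', '.join(hosts) or '-'}")
```

Hosts reported under `manual_check` have a series or version string the script does not recognise and should be checked against Zyxel's advisory by hand.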

The hardware devices above are typically used in small or mid-sized environments to combine network access, whether local or remote, with security components that can protect against malicious activity via malware or phishing.

Credited for discovering and reporting CVE-2022-0342 are Alessandro Sgreccia from Tecnical Service Srl, and Roberto Garcia H and Victor Garcia R from Innotec Security.

Zyxel is advising its customers to install the firmware updates “for optimal protection.” At the moment there are no public reports that CVE-2022-0342 is being exploited in attacks.

Source: https://www.bleepingcomputer.com/news/security/zyxel-patches-critical-bug-affecting-firewall-and-vpn-devices/


