Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices – The Hacker News


Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices.

“An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions,” the company said in an advisory published this week. “The flaw could allow an attacker to bypass the authentication and obtain administrative access to the device.”

The flaw has been assigned the identifier CVE-2022-0342 and is rated 9.8 out of 10 for severity. Credited with reporting the bug are Alessandro Sgreccia from Tecnical Service Srl and Roberto Garcia H and Victor Garcia R from Innotec Security.

The following Zyxel products are impacted –

  • USG/ZyWALL running firmware versions ZLD V4.20 through ZLD V4.70 (fixed in ZLD V4.71)
  • USG FLEX running firmware versions ZLD V4.50 through ZLD V5.20 (fixed in ZLD V5.21 Patch 1)
  • ATP running firmware versions ZLD V4.32 through ZLD V5.20 (fixed in ZLD V5.21 Patch 1)
  • VPN running firmware versions ZLD V4.30 through ZLD V5.20 (fixed in ZLD V5.21)
  • NSG running firmware versions V1.20 through V1.33 Patch 4 (Hotfix V1.33p4_WK11 available now, with standard patch V1.33 Patch 5 expected in May 2022)

While there is no evidence that the vulnerability has been exploited in the wild, it’s recommended that users install the firmware updates to prevent any potential threats.

CISA warns about actively exploited Sophos and Trend Micro flaws

The disclosure comes as both Sophos and SonicWall released patches this week for their firewall appliances to resolve critical flaws (CVE-2022-1040 and CVE-2022-22274) that could allow a remote attacker to execute arbitrary code on affected systems.

The critical Sophos firewall vulnerability, which has been observed exploited in active attacks against select organizations in South Asia, has since been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities Catalog.

Also added to the list is a high-severity arbitrary file upload vulnerability in Trend Micro’s Apex Central product that could allow an unauthenticated remote attacker to upload an arbitrary file, resulting in code execution (CVE-2022-26871, CVSS score: 8.6).

“Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already,” the company said. “All customers are strongly encouraged to update to the latest version as soon as possible.”

Source: https://thehackernews.com/2022/03/zyxel-releases-patches-for-critical-bug.html


