Zyxel says its firewall and VPN devices have critical security flaws, so patch now
Two flaws with a 9.8 vulnerability score were recently patched
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Zyxel recently discovered two critical vulnerabilities in some of its networking gear and has urged users to apply the patch immediately.
Both vulnerabilities are buffer overflows, allowing for denial-of-service (DoS) attacks, as well as remote code execution (RCE), and both were found in some of Zyxel’s firewall andVPNproducts, and carry a severity score of 9.8 (critical). They are now being tracked as CVE-2023-33009, and CVE-2023-33010.
“Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities,” the company’s security advisory reads. “Users are advised to install them for optimal protection.”.
Numerous devices affected
To check whether or not your endpoints are vulnerable, inspect if they’re powered by this firmware:
Cisco reveals major AnyConnect VPN security flaw>Zyxel WAX610D WiFi 6 PoE Access Point review>These are the best small business routers right now
While vendors are usually quick to issue patches for high-severity flaws, organizations aren’t that diligent with applying them, risking data breaches, and in some cases evenransomware.
SMBs could be particularly at risk as these are the typical target markets for the affected products, used to protect their networks and allow secure access for remote workers and home-office employees.
How that Zyxel released the patch, threat actors will monitor the open internet for vulnerable versions of the endpoints and will look for an opening to exploit.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
ViaBleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Should your VPN always be on?
3 reasons why PIA fell in our best VPN rankings
Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs
