Researchers at the cybersecurity software company Rapid7 found a bug in Zyxel firewalls that could enable unauthenticated remote attackers to execute code.
The affected firewall models include Zyxel's VPN and ATP series and USG 100(W), 200, 500, 700, and Flex 50(W)/USG20(W)-VPN.
The Shadowserver Foundation pegs the number of affected models at more than 20,800.
The vulnerability was first reported on April 13, with patches released silently by Zyxel on April 28.
Said Rapid7's Jake Baines, "We're releasing this disclosure early in order to assist defenders in detecting exploitation and to help them decide when to apply this fix in their own environments, according to their own risk tolerances. In other words, silent vulnerability patching tends to only help active attackers, and leaves defenders in the dark about the true risk of newly discovered issues."
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA