Two critical security vulnerabilities impacting some Zyxel firewall and VPN offerings have been addressed in new software updates issued by the communications equipment firm, reports The Hacker News.
The flaws, tracked as CVE-2023-33009 and CVE-2023-33010, affect Zyxel ATP versions ZLD V4.32 to V5.36 Patch 1, USG FLEX versions ZLD V4.50 to V5.36 Patch 1, USG FLEX50 (W) and USG20(W)-VPN versions ZLD V4.25 to V5.36, VPN versions ZLD V4.30 to V5.36 Patch 1, and ZyWALL/USG versions ZLD V4.25 to V4.73 Patch 1. Both could be exploited to facilitate denial-of-service conditions and remote code execution.
Both flaws were identified and reported by TRAPA Security and STAR Labs SG researchers. The updates come after Zyxel remediated a critical firewall vulnerability, tracked as CVE-2023-28771, which could be used for remote code execution.
Mirai-linked attackers have since leveraged CVE-2023-28771, which was also reported by TRAPA Security, in their attacks.