Zyxel says its firewall and VPN devices have critical security flaws, so patch now

Sead Fadilpašić

May 26, 2023 at 9:47 AM·2 min read

An image of security icons for a network encircling a digital blue earth.

Zyxel recently discovered two critical vulnerabilities in some of its networking gear and has urged users to apply the patch immediately.

Both vulnerabilities are buffer overflows, allowing for denial-of-service (DoS) attacks, as well as remote code execution (RCE), and both were found in some of Zyxel’s firewall and VPN products, and carry a severity score of 9.8 (critical). They are now being tracked as CVE-2023-33009, and CVE-2023-33010.

“Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities,” the company’s security advisory reads. “Users are advised to install them for optimal protection.”.

Numerous devices affected

To check whether or not your endpoints are vulnerable, inspect if they’re powered by this firmware:

Zyxel ATP firmware versions ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel USG FLEX firmware versions ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel USG FLEX50(W) / USG20(W)-VPN firmware versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel VPN firmware versions ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel ZyWALL/USG firmware versions ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2)

> Cisco reveals major AnyConnect VPN security flaw

> Zyxel WAX610D WiFi 6 PoE Access Point review

> These are the best small business routers right now

While vendors are usually quick to issue patches for high-severity flaws, organizations aren’t that diligent with applying them, risking data breaches, and in some cases even ransomware.

SMBs could be particularly at risk as these are the typical target markets for the affected products, used to protect their networks and allow secure access for remote workers and home-office employees.

How that Zyxel released the patch, threat actors will monitor the open internet for vulnerable versions of the endpoints and will look for an opening to exploit.

Check out our list of the best endpoint protection around

Via BleepingComputer

Yahoo Finance
Jamie Dimon is worried the US economy is headed back to the 1970s
JPMorgan's CEO is concerned the US economy could be in for a repeat of the stagflation that hampered the country during the 1970s.
16h ago
Yahoo Sports
Based on the odds, here's what the top 10 picks of the NFL Draft will be
What would a mock draft look like using just betting odds?
2d ago
Yahoo Sports
WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not
Here are five franchises who stood out, for better or for worse.
8d ago
Yahoo TV
Everyone's still talking about the 'SNL' Beavis and Butt-Head sketch. Cast members and experts explain why it's an instant classic.
Ryan Gosling, who starred in the skit, couldn't keep a straight face — and neither could some of the "Saturday Night Live" cast.
18h ago
Yahoo Sports
Dave McCarty, player on 2004 Red Sox championship team, dies 1 week after team's reunion
The Red Sox were already mourning the loss of Tim Wakefield from that 2004 team.
4d ago
Yahoo Sports
Jets trade QB Zach Wilson to Broncos
Wilson's starting over in Denver.
12h ago
Yahoo Sports
Ryan Garcia drops Devin Haney 3 times en route to stunning upset
The 25-year-old labeled "mentally fragile" by many delivered the upset for the ages.
3d ago
Yahoo Sports
Chiefs make Andy Reid NFL's highest-paid coach, sign president Mark Donovan, GM Brett Veach to extensions
Reid's deal reportedly runs through 2029 and makes him the highest-paid coach in the NFL.
1d ago
Yahoo Sports
NFL mock draft 2024: With one major trade-up, it's a QB party in the top 5
Our final 2024 mock draft projects four quarterbacks in the first five picks, but the Cardinals at No. 4 might represent the key pivot point of the entire board.
2d ago
Yahoo Sports
Yankees' Nestor Cortés told by MLB his pump-fake pitch is illegal
Cortés' attempt didn't fool Andrés Giménez, who fouled off the pitch.
4d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Zyxel says its firewall and VPN devices have critical security flaws, so patch now

Numerous devices affected

Recommended Stories

Jamie Dimon is worried the US economy is headed back to the 1970s

Based on the odds, here's what the top 10 picks of the NFL Draft will be

WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not

Everyone's still talking about the 'SNL' Beavis and Butt-Head sketch. Cast members and experts explain why it's an instant classic.

Dave McCarty, player on 2004 Red Sox championship team, dies 1 week after team's reunion

Jets trade QB Zach Wilson to Broncos

Ryan Garcia drops Devin Haney 3 times en route to stunning upset

Chiefs make Andy Reid NFL's highest-paid coach, sign president Mark Donovan, GM Brett Veach to extensions

NFL mock draft 2024: With one major trade-up, it's a QB party in the top 5

Yankees' Nestor Cortés told by MLB his pump-fake pitch is illegal