Zyxel Firewall Under Attack! Urgent Patch Required

June 06, 2023Ravie LakshmananNetwork Security / Vulnerabilities

The US Cyber ​​Security and Infrastructure Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewall to Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.

The patch to plug the security hole was released by Zyxel on May 24, 2023. Following list of affected devices –

• ATP (ZLD versions V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
• USG FLEX (ZLD version V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
• USG FLEX50(W) / USG20(W)-VPN (ZLD V4.25 to V5.36 Patch 1 version, patched in ZLD V5.36 Patch 2)
• VPN (version ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and
• ZyWALL/USG (ZLD version V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2)

While the exact nature of the attack is unknown, the development comes days after another flaw in Zyxel’s firewall (CVE-2023-28771) had been actively exploited to ensnare vulnerable devices into the Mirai botnet.

The Federal Civil Executive Branch Agency (FCEB) is required to patch identified vulnerabilities by June 26, 2023, to secure their network against potential threats.

Zyxel, in a new guidance issued last week, also urged customers to disable HTTP/HTTPS services from the WAN unless “absolutely” necessary and disable UDP ports 500 and 4500 when not in use.

Development also occurred when the Taiwanese company fixed two flaws in the GS1900 series switches (CVE-2022-45853) and 4G LTE and 5G NR outdoor routers (CVE-2023-27989) which can result in privilege escalation and denial-of-service (DoS).