Security researchers warn that cybercriminals are targeting vulnerable Zyxel VPN and firewall devices.
By exploiting a critical vulnerability known as CVE-2022-305525, an attacker can bypass authentication and execute code remotely. This vulnerability is present in ATP VPN and certain USG FLEX series products.
Zyxel released a fix for the security flaw last week. However, thousands of administrators failed to apply the patch. The exploit is now being used openly in the wild.
Zyxel VPN vulnerability
Security firm Rapid7 first discovered the vulnerability in Zyxel’s business VPN device and assisted the company in remediation.
Rapid7 posted a blog about the bug and warned that attackers could use the issue to create a reverse shell. This is a session that allows attackers to communicate with the target machine and opens the door for further attacks.
This means that an attacker could effectively take control of all systems that are protected by firewalls and other network security measures.
Zyxel published an advisory along with the patch. The company encouraged administrators to immediately install the appropriate update. This sentiment was echoed on Twitter, due to the seriousness of the issue as well as the popularity of Zyxel hardware.
According to the latest analysis, 15,000 Zyxel products are still unpatched. The majority of these Zyxel products belong to companies located in France, Italy and Switzerland, which means that there is a significant risk of an attack.
Multiple security researchers have created useful online resources to help organizations protect themselves from attacks and mitigate them. For example, a Spanish telecoms company has released a program that scans endpoints for vulnerabilities, while another researcher has published a tool for detecting intrusions related to the flaw.