A critical vulnerability, CVE-2022-30525, has been discovered in Zyxel firewalls, VPN-capable devices that provide multiple security and networking features to small and medium-sized businesses.
The CVE-2022-30525 vulnerability was discovered by Jake Baines, Senior Security Researcher at Rapid7, in April 2022. The vulnerability allows an unauthenticated and remote attacker to execute arbitrary code on an affected device in the context of the “nobody” user.
CVE-2022-30525 in the Zyxel firewall
The CVE-2022-30525 bug is a vulnerability that can be exploited remotely by unauthorized attackers to inject commands into the operating system through the HTTP administrative interface of vulnerable firewalls. This gives attackers the ability to modify specific files and execute operating system commands.
The Zyxel firewall vulnerability was discovered by Rapid7’s Baines, who stated that this information was being released in accordance with his company’s vulnerability disclosure policy.
Sharing a recognized…