Hackers exploit a patched critical vulnerability affecting VPN devices…

47

Zyxel Firewall, the VPN company that provides multiple security and networking features to small and medium-sized businesses, has discovered a critical vulnerability, CVE-2022-30525.

The CVE-2022-30525 vulnerability was discovered by Jake Baines, Senior Security Researcher at Rapid7, in April 2022. The vulnerability allows an unauthenticated and remote attacker to execute arbitrary code on an affected device in the context of the “nobody” user.

CVE-2022-30525 of the Zyxel firewall

The CVE-2022-30525 bug is a vulnerability that can be exploited remotely by unauthorized attackers to inject commands into the operating system through the HTTP administrative interface of vulnerable firewalls. This gives attackers the ability to modify specific files and execute operating system commands.

The Zyxel Firewall vulnerability was discovered by Rapid7’s Baines and stated that this information was being released in accordance with their company’s vulnerability disclosure policy.

Sharing a recognized…



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.