Zyxel security advisory for authentication bypass vulnerability of firewalls
CVE: CVE-2022-0342
Summary
Zyxel has released patches for products affected by the authentication bypass vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass authentication and obtain administrative access to the device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable products that are within their warranty and support period and released updates to address the issue, as shown in the table below.
| Affected series | Affected firmware version | Patch availability |
|---|---|---|
| USG/ZyWALL | ZLD V4.20 through ZLD V4.70 | ZLD V4.71 |
| USG FLEX | ZLD V4.50 through ZLD V5.20 | ZLD V5.21 Patch 1 |
| ATP | ZLD V4.32 through ZLD V5.20 | ZLD V5.21 Patch 1 |
| VPN | ZLD V4.30 through ZLD V5.20 | ZLD V5.21 |
| NSG | V1.20 through V1.33 Patch 4 | Hotfix V1.33p4_WK11* available now; standard patch V1.33 Patch 5 in middle of Jun. 2022 |
*Please reach out to your local Zyxel support team for the file.
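The table above can be applied to a device inventory to flag firmware that still needs the update. The following is an added example, not Zyxel code; it assumes firmware strings follow the advisory's notation ("ZLD V5.21 Patch 1"), treats a range bound without a patch level as covering every patch of that release, does not recognise hotfix builds, and uses hypothetical hostnames.

```python
import re

# Inclusive affected ranges and fixes, transcribed from the advisory table.
# A patch level of None in the upper bound means "any patch of that release"
# (assumption: the advisory gives those bounds without a patch level).
AFFECTED = {
    "USG/ZyWALL": ((4, 20, 0), (4, 70, None), "ZLD V4.71"),
    "USG FLEX": ((4, 50, 0), (5, 20, None), "ZLD V5.21 Patch 1"),
    "ATP": ((4, 32, 0), (5, 20, None), "ZLD V5.21 Patch 1"),
    "VPN": ((4, 30, 0), (5, 20, None), "ZLD V5.21"),
    "NSG": ((1, 20, 0), (1, 33, 4), "hotfix V1.33p4_WK11 or V1.33 Patch 5"),
}
VERSION_RE = re.compile(r"V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?")

def parse_version(text):
    """Parse 'ZLD V5.21 Patch 1' or 'V1.33 Patch 4' into (major, minor, patch)."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)

def is_affected(series, firmware):
    """True when the firmware lies inside the advisory's range for the series."""
    low, high, _fix = AFFECTED[series]  # KeyError: series not in the advisory
    version = parse_version(firmware)
    if high[2] is None:
        within_upper = version[:2] <= high[:2]
    else:
        within_upper = version <= high
    return version >= low and within_upper

def triage(inventory):
    """Return (host, affected, fix or None) for each (host, series, firmware)."""
    rows = []
    for host, series, firmware in inventory:
        hit = is_affected(series, firmware)
        rows.append((host, hit, AFFECTED[series][2] if hit else None))
    return rows

# Constructed sample inventory; hostnames are hypothetical.
SAMPLE = [
    ("fw-branch-01", "USG FLEX", "ZLD V5.10"),
    ("fw-hq-01", "ATP", "ZLD V5.21 Patch 1"),
    ("nsg-01", "NSG", "V1.33 Patch 4"),
    ("nsg-02", "NSG", "V1.33 Patch 5"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
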
Got a question?
Please contact your local service rep or comment below for further information or assistance.
Acknowledgments
Thanks to the following researchers for reporting the issue to us:
- Alessandro Sgreccia from Tecnical Service Srl
- Roberto Garcia H and Victor Garcia R from Innotec Security
Revision history
2022-03-29: Initial release
2022-05-27: Updated the patch plan of the NSG series