Zerobot, USG Flex 100 (W), CVE-2022-30525: something for update sooner than later.
Guru Member
According to Bill Toulas on Bleeping Computer, a new malware named Zerobot is exploiting several CVEs about several products of (again) several brands.
CVE-2022-30525 has been declared resolved in May 2022 (according to Bleeping Computer and Rapid7 with firmware 5.21 for all the ZLD 5.x capable devices.
So if your box is still waiting for the latest firmware, don't make it wait more the necessary. An unknown vulnerability is a issue, a known and unpatched vulnerability is lack of due diligence.
0
All Replies
-
Hi @mMontana
Appreciating that you shared the information. We already fixed it please refer to this Security Advisory
CVE-2022-30525 Zyxel security advisory for OS command injection vulnerability of firewalls. Besides, for better security protection against known vulnerabilities, we advise users to download the latest firmware from myZyxel and update it to the device. Many thanks.
0
Zyxel Employee
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 170 Nebula Ideas
- 114 Nebula Status and Incidents
- 6K Security
- 385 USG FLEX H Series
- 294 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.7K Consumer Product
- 267 Service & License
- 412 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
