Zerobot, USG Flex 100 (W), CVE-2022-30525: something for update sooner than later.
Guru Member
According to Bill Toulas on Bleeping Computer, a new malware named Zerobot is exploiting several CVEs about several products of (again) several brands.
CVE-2022-30525 has been declared resolved in May 2022 (according to Bleeping Computer and Rapid7 with firmware 5.21 for all the ZLD 5.x capable devices.
So if your box is still waiting for the latest firmware, don't make it wait more the necessary. An unknown vulnerability is a issue, a known and unpatched vulnerability is lack of due diligence.
0
All Replies
-
Hi @mMontana
Appreciating that you shared the information. We already fixed it please refer to this Security Advisory
CVE-2022-30525 Zyxel security advisory for OS command injection vulnerability of firewalls. Besides, for better security protection against known vulnerabilities, we advise users to download the latest firmware from myZyxel and update it to the device. Many thanks.
See how you've made an impact in Zyxel Community this year!
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight
