Zerobot, USG Flex 100 (W), CVE-2022-30525: something for update sooner than later.
Options
According to Bill Toulas on Bleeping Computer, a new malware named Zerobot is exploiting several CVEs about several products of (again) several brands.
CVE-2022-30525 has been declared resolved in May 2022 (according to Bleeping Computer and Rapid7 with firmware 5.21 for all the ZLD 5.x capable devices.
So if your box is still waiting for the latest firmware, don't make it wait more the necessary. An unknown vulnerability is a issue, a known and unpatched vulnerability is lack of due diligence.
0
All Replies
-
Hi @mMontana
Appreciating that you shared the information. We already fixed it please refer to this Security Advisory
CVE-2022-30525 Zyxel security advisory for OS command injection vulnerability of firewalls. Besides, for better security protection against known vulnerabilities, we advise users to download the latest firmware from myZyxel and update it to the device. Many thanks.
0
Categories
- All Categories
- 390 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight