Zerobot, USG Flex 100 (W), CVE-2022-30525: something for update sooner than later.
Guru Member
According to Bill Toulas on Bleeping Computer, a new malware named Zerobot is exploiting several CVEs about several products of (again) several brands.
CVE-2022-30525 has been declared resolved in May 2022 (according to Bleeping Computer and Rapid7 with firmware 5.21 for all the ZLD 5.x capable devices.
So if your box is still waiting for the latest firmware, don't make it wait more the necessary. An unknown vulnerability is a issue, a known and unpatched vulnerability is lack of due diligence.
0
All Replies
-
Hi @mMontana
Appreciating that you shared the information. We already fixed it please refer to this Security Advisory
CVE-2022-30525 Zyxel security advisory for OS command injection vulnerability of firewalls. Besides, for better security protection against known vulnerabilities, we advise users to download the latest firmware from myZyxel and update it to the device. Many thanks.
0
Zyxel Employee
Categories
- All Categories
- 417 Beta Program
- 2.5K Nebula
- 160 Nebula Ideas
- 108 Nebula Status and Incidents
- 5.9K Security
- 331 USG FLEX H Series
- 286 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 259 Service & License
- 402 News and Release
- 86 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 80 Security Highlight
