Zerobot, USG Flex 100 (W), CVE-2022-30525: something for update sooner than later.
Guru MemberAccording to Bill Toulas on Bleeping Computer, a new malware named Zerobot is exploiting several CVEs about several products of (again) several brands.
CVE-2022-30525 has been declared resolved in May 2022 (according to Bleeping Computer and Rapid7 with firmware 5.21 for all the ZLD 5.x capable devices.
So if your box is still waiting for the latest firmware, don't make it wait more the necessary. An unknown vulnerability is a issue, a known and unpatched vulnerability is lack of due diligence.
0
All Replies
-
Hi @mMontana
Appreciating that you shared the information. We already fixed it please refer to this Security Advisory
CVE-2022-30525 Zyxel security advisory for OS command injection vulnerability of firewalls. Besides, for better security protection against known vulnerabilities, we advise users to download the latest firmware from myZyxel and update it to the device. Many thanks.
0
Zyxel Employee
Categories
- All Categories
- 164 Beta Program
- 1.7K Nebula
- 86 Nebula Ideas
- 62 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 50 Switch Ideas
- 907 WirelessLAN
- 27 WLAN Ideas
- 5.3K Consumer Product
- 172 Service & License
- 294 News and Release
- 65 Security Advisories
- 14 Education Center
- 911 FAQ
- 399 Nebula FAQ
- 249 Security FAQ
- 90 Switch FAQ
- 100 WirelessLAN FAQ
- 18 Consumer Product FAQ
- 55 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 51 Security Highlight
