Zyxel Firewall Vulnerability Could Allow Authentication Bypass

Fortify Security Team
Mar 29, 2022

A vulnerability has been discovered in versions of Zyxel Firewall’s CGI program which could allow for authentication bypass. Zyxel Firewall is a next generation firewall product which enables users to manage, detect and respond to threats on the network. Successful exploitation of this vulnerability could allow an attacker to bypass authentication and obtain administrative access to the device. Malicious actors with administrative access may be able to view, change, or delete sensitive data.

THREAT INTELLIGENCE:
There are currently no reports of this vulnerability being publicly exploited.

SYSTEMS AFFECTED:

  • USG/ZyWALL – ZLD V4.20 through ZLD V4.70
  • USG FLEX – ZLD V4.50 through ZLD V5.20
  • ATP – ZLD V4.32 through ZLD V5.20
  • VPN – ZLD V4.30 through ZLD V5.20
  • NSG – V1.20 through V1.33 Patch 4
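The affected ranges above are inclusive and mix two numbering schemes (ZLD major.minor for the firewalls, major.minor plus a patch level for NSG). The script below is an added example, not Zyxel's tooling or part of the advisory: it parses those version strings, checks a firmware version against the advisory's range for its product, and scans a constructed inventory list so that a defender can find devices that still need the Zyxel update. The inventory row format and the hostnames are constructed for illustration, and where the advisory gives an upper bound without a patch level (for example "ZLD V4.70") the script assumes every patch level of that release is still in range, which is the conservative reading until Zyxel's advisory confirms a specific patched build.

```python
"""Check firmware versions against the affected ranges in this advisory
(CVE-2022-0342).  Added example; product names and version bounds come from
the advisory, the inventory rows below are constructed sample data."""
import re

# Affected ranges from the advisory: product -> (first affected, last affected), inclusive.
AFFECTED = {
    "USG/ZyWALL": ("V4.20", "V4.70"),
    "USG FLEX": ("V4.50", "V5.20"),
    "ATP": ("V4.32", "V5.20"),
    "VPN": ("V4.30", "V5.20"),
    "NSG": ("V1.20", "V1.33 Patch 4"),
}

# Accepts "ZLD V4.70", "V1.33 Patch 4", "v5.20" or plain "5.20".
_VER_RE = re.compile(r"^(?:ZLD\s*)?V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?$", re.IGNORECASE)

# Sentinel used for an upper bound that names no patch level: any patch level
# of that release is treated as affected (assumption, see lead-in).
_ANY_PATCH = float("inf")


def parse_version(text, missing_patch=0):
    """Turn a version string into a comparable (major, minor, patch) tuple.
    A missing patch level becomes `missing_patch` (0 by default)."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch is not None else missing_patch)


def is_affected(product, version):
    """True if `version` lies inside the advisory's affected range for `product`."""
    if product not in AFFECTED:
        raise KeyError(f"product not listed in the advisory: {product!r}")
    lo_text, hi_text = AFFECTED[product]
    low = parse_version(lo_text)                         # no patch given -> patch 0
    high = parse_version(hi_text, missing_patch=_ANY_PATCH)  # no patch given -> any patch
    return low <= parse_version(version) <= high


def scan_inventory(rows):
    """Return [(host, product, version)] for inventory rows in an affected range.
    Row format (constructed for this example): 'host,product,version'."""
    hits = []
    for row in rows:
        row = row.strip()
        if not row or row.startswith("#"):
            continue
        host, product, version = (field.strip() for field in row.split(",", 2))
        if is_affected(product, version):
            hits.append((host, product, version))
    return hits


# Constructed sample inventory; hostnames and versions are made up for the demo.
SAMPLE_INVENTORY = [
    "# host,product,firmware",
    "fw-hq-01,USG FLEX,ZLD V5.10",      # inside V4.50..V5.20 -> affected
    "fw-branch-02,ATP,ZLD V5.21",       # above V5.20 -> not in range
    "fw-vpn-03,VPN,ZLD V4.25",          # below V4.30 -> not in range
    "fw-nsg-04,NSG,V1.33 Patch 4",      # equals the upper bound -> affected
    "fw-nsg-05,NSG,V1.33 Patch 5",      # past the upper bound -> not in range
]

if __name__ == "__main__":
    for host, product, version in scan_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is within the affected range for CVE-2022-0342")
```

Run against a real export of your firewall inventory, a hit means the device should be scheduled for the Zyxel update; a miss only means the version is outside the ranges printed in this advisory, so re-check against Zyxel's advisory page when new builds are published.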

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: Low

TECHNICAL SUMMARY:
A vulnerability has been discovered in versions of Zyxel Firewall’s CGI program which could allow for authentication bypass. Zyxel Firewall is a next generation firewall product which enables users to manage, detect and respond to threats on the network. Successful exploitation of this vulnerability could allow an attacker to bypass authentication and obtain administrative access to the device. Malicious actors with administrative access may be able to view, change, or delete sensitive data.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply updates provided by Zyxel to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:
Zyxel:
https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml

CVE:
https://www.cve.org/CVERecord?id=CVE-2022-0342
