June 04, 2022

Update Zyxel Products To Fix Possible Security Vulnerability

Written By Securafy Team

Do you use a Zyxel firewall?  If so, there's good news.  The company has fixed an issue you may not have even been aware that you had.

The company pushed out the fix in a silent update a little over two weeks ago, but when they implemented the push, they didn't provide many details about it.  More of those details are emerging now.

Security researchers at Rapid7 discovered a critical security flaw, now tracked as CVE-2022-30525 and rated 9.8 (critical) in severity.

The flaw is described as an unauthenticated remote command injection issue, via the HTTP interface.  It impacts all Zyxel firewalls that support Zero Touch Provisioning running firmware versions ZLD5.00 to ZLD5.21 Patch 1.

The following models are specifically impacted:

  • USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below
  • USG20-VPN and USG20W-VPN using firmware 5.21 and below
  • ATP 100, 200, 500, 700, 800 using firmware 5.21 and below

According to the company, these products are most commonly found in smaller branch offices and corporate headquarters for SSL inspection, VPN, web filtering, email security, and intrusion protection.

Per the Rapid7 report given to Zyxel on April 13, 2022:

"Commands are executed as the "nobody" user. This vulnerability is exploited through the /ztp/cgi-bin/handler URI and is the result of passing unsanitized attacker input into the os.system method in lib_wan_settings.py.

The vulnerable functionality is invoked in association with the setWanPortSt command. An attacker can inject arbitrary commands into the mtu or the data parameter."
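
The bug class in that report, shown as an added example that is not Zyxel's code and not part of the original post: a request field pasted into a shell string, next to a handler that validates the field and runs the command without a shell. The function names, the port allowlist, the MTU range and the `ip link` command are assumptions chosen for illustration.

```python
import shlex
import subprocess

# All names below are hypothetical; this is not Zyxel's lib_wan_settings.py.
PORTS = {"wan1", "wan2"}          # assumed allowlist of port names
MTU_MIN, MTU_MAX = 576, 1500      # assumed acceptable MTU range
SHELL_OPS = set(";|&()<>")        # characters forming shell control operators

def unsafe_command(port, mtu):
    """Flawed pattern: request fields pasted into a string for os.system()."""
    return "ip link set dev %s mtu %s" % (port, mtu)

def control_operators(command):
    """Return the control-operator tokens a POSIX shell would see in command."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= SHELL_OPS]

def safe_argv(port, mtu):
    """Validate both fields, then build an argument vector (no shell string)."""
    if port not in PORTS:
        raise ValueError("unknown port")
    text = str(mtu)
    if not (text.isascii() and text.isdigit()):
        raise ValueError("mtu must be a decimal integer")
    value = int(text)
    if not MTU_MIN <= value <= MTU_MAX:
        raise ValueError("mtu out of range")
    return ["ip", "link", "set", "dev", port, "mtu", str(value)]

def apply_mtu(port, mtu, run=subprocess.run):
    """Execute without a shell, so metacharacters are never interpreted."""
    return run(safe_argv(port, mtu), shell=False, check=True)

if __name__ == "__main__":
    constructed = "1500; echo injected"   # constructed sample value
    print(control_operators(unsafe_command("wan1", constructed)))
    try:
        safe_argv("wan1", constructed)
    except ValueError as err:
        print("rejected:", err)
    print(safe_argv("wan1", "1500"))
```

The validation and the shell-free call are independent layers: either one alone stops the constructed value from being interpreted as a second command.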

For their part, Zyxel moved very quickly on the issue.  They initially promised to release a fix by June 2022, but quietly pushed out the patch on April 28th, 2022 without supplying a security advisory or other technical details.

We're not sure why that decision was made, but we're very pleased to gain access to those details now. Kudos to Zyxel for their rapid response!
