A critical vulnerability in several Zyxel network devices, CVE-2023-28771, has been known and patched since late April. In the default configuration, it can be exploited for unauthorized remote code execution by sending a specially modified IKEv2 packet to UDP port 500. The vulnerability is present in Zyxel models ATP – ZLD with firmware versions V4.60 to V5.35, USG FLEX – ZLD with firmware versions V4.60 to V5.35, VPN – ZLD with firmware versions V4.60 to V5.35 and ZyWALL/USG – ZLD with firmware versions V4.60 to V4.73. The vulnerability is reported to be actively exploited, and users are encouraged to install the available patches as soon as possible.
Furthermore, security specialist Sternum Security recently discovered a critical vulnerability in Zyxel NAS devices. It affects the Linux-based Zyxel NAS326, NAS540 and NAS542 storage devices with firmware version 5.21. The update of the devices' internal clock can be manipulated, allowing an authorized end user to execute any command with root privileges on the device. Hackers who have valid authentication can, for example, use it to inject malware remotely. Again, a patch is available and users are encouraged to install it as soon as possible.
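To find which devices in an inventory fall under the models and firmware versions listed above, the check can be scripted. The following is an added example, not code from Zyxel or from the original article; the host names, inventory rows and the `(XXXX.0)` build suffix are constructed, and the status labels are assumptions chosen for this sketch.

```python
import re

# Inclusive (lowest, highest) firmware ranges exactly as the article lists them.
FIREWALL_RANGES = {
    "ATP": ((4, 60), (5, 35)),
    "USG FLEX": ((4, 60), (5, 35)),
    "VPN": ((4, 60), (5, 35)),
    "ZYWALL/USG": ((4, 60), (4, 73)),
}
# NAS models named in the article; it gives a single firmware version, no range.
NAS_MODELS = {"NAS326", "NAS540", "NAS542"}
NAS_VERSION = (5, 21)

def parse_version(text):
    """Return (major, minor) from 'V5.35' or '5.21(XXXX.0)', or None if unparseable.
    Integers are compared instead of floats so that 4.60 is not read as 4.6."""
    m = re.match(r"\s*[Vv]?(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(family, firmware):
    """Return 'affected', 'outside listed range' or 'unknown' for one device."""
    version = parse_version(firmware)
    key = family.strip().upper()
    if version is None:
        return "unknown"
    if key in NAS_MODELS:
        return "affected" if version == NAS_VERSION else "outside listed range"
    if key in FIREWALL_RANGES:
        low, high = FIREWALL_RANGES[key]
        return "affected" if low <= version <= high else "outside listed range"
    return "unknown"  # model family not mentioned in the article

# Constructed sample inventory: (host, model family, reported firmware string).
INVENTORY = [
    ("fw-branch-01", "USG FLEX", "V5.35"),
    ("fw-hq-01", "ATP", "V5.36(XXXX.0)"),
    ("fw-legacy-02", "ZyWALL/USG", "V4.73"),
    ("nas-backup-01", "NAS542", "5.21(XXXX.0)"),
    ("vpn-edge-03", "VPN", "not reported"),
]

def triage(rows):
    """Map each host to its status so affected devices can be patched first."""
    return {host: classify(family, fw) for host, family, fw in rows}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "outside listed range" only means the version is not among those named in the article; the vendor advisory remains the authority on which releases are fixed.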