Critical vulnerability in Zyxel firewall products | Traficom


June 29, 2021 at 10:10

Network device manufacturer Zyxel has reported that an advanced adversary is exploiting a vulnerability in specific firewall devices. Exploitation began on June 22nd. Zyxel has released a patch and instructions for mitigating the issue.

The vulnerability was published on June 24th, 2021. It is considered critical because the targeted devices are exposed to the internet by design, which makes them very attractive targets for possible attackers.

Attackers have bypassed authentication on the device and established SSL-VPN connections using unknown users, thereby gaining access to the internal networks.

Zyxel has released a mitigating patch and a guide on best practices related to remotely accessible network devices.

Target of vulnerability

Zyxel VPN, ZyWALL, USG, ATP and USG FLEX devices

What is this about?

Zyxel is distributing a remediating patch and instructions for reducing the possible attack surface.

Network devices

Network devices are devices that ordinary users usually do not see, such as routers, switches and firewalls. These devices and the related software transmit or filter network traffic.

Remote

A remote attack can be carried out over a network connection or similar without access to the targeted system.

Security bypass

Security bypass means that, by exploiting a vulnerability, an attacker circumvents the protection intended to restrict use of the system, for example by directing traffic past the firewall into a protected network.

In the wild

Software update patch

Normally, hardware or software manufacturers publish a new version or a partial update for software or an operating system soon after a vulnerability has become public. The update may be available at the same time as the vulnerability is published, but often users have to wait for it.