Zyxel has confirmed a security vulnerability that affects its firewalls and VPN access points. The security bug has been classified as critical, although patches have now been released.
“A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet,” an update posted to the National Vulnerability Database read.
The buffer overflow can be triggered through an unknown input and leads to memory corruption that could affect the privacy, integrity, and availability of a victim’s device. The bug is being tracked as CVE-2020-25014 and is reportedly easy to exploit, although technical details of how this takes place are currently unknown.
Patches available
The Zyxel products that are affected by the vulnerability all support the Facebook Wi-Fi feature. As a result, Zyxel has issued patches for all the relevant products that remain within their warranty and support periods. It is advised that users install updates as soon as possible and get in contact with their local Zyxel support team if they require further assistance.
This is not the first time that a company offering security services has found itself patching its own vulnerabilities. Last week, cybersecurity firm Sophos revealed that it was the victim of a data breach that may have compromised sensitive information for a small number of customers.
Earlier this month, Zyxel announced the launch of two new firewalls, the USG FLEX 100W and USG FLEX 700, as well as new firmware ZLD 4.60. It seems as though the recently discovered security flaw affects earlier versions of the Zyxel firmware, which demonstrates how important it is to install the latest updates for all software solutions.