Zyxel UTM and VPN series of gateways impacted by vulnerability

(Image credit: Shutterstock.com)

Zyxel has confirmed a security vulnerability that affects its firewalls and VPN access points. The security bug has been classified as critical, although patches have now been released.

“A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet,” an update posted to the National Vulnerability Database read.

The buffer overflow vulnerability can be manipulated through an unknown input and leads to memory corruption issues that could have an impact on the privacy, integrity, and availability of a victim’s device. The bug is being tracked as CVE-2020-25014 and is reportedly easy to exploit – although technical details of how this takes place are currently unknown.

Patches available

The Zyxel products that are affected by the vulnerability all support the Facebook Wi-Fi feature. As a result, Zyxel has issued patches for all the relevant products that remain within their warranty and support periods. It is advised that users install updates as soon as possible and get in contact with their local Zyxel support team if they require further assistance.

This is not the first time that a company offering security services has found itself patching its own vulnerabilities. Last week, cybersecurity firm Sophos revealed that it was the victim of a data breach that may have compromised sensitive information for a small number of customers.

Earlier this month, Zyxel announced the launch of two new firewalls, the USG FLEX 100W and USG FLEX 700 as well as new firmware ZLD 4.60. It seems as though the recently discovered security flaw affects earlier versions of the Zyxel firmware, which demonstrates how important it is to install the latest updates for all software solutions

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.