Zyxel has released updates for a critical cross-site scripting (XSS) vulnerability that affects specific firewall models.
The vulnerability, tracked as CVE-2022-40603, resides in the CGI program of the affected firewall versions and is caused by insufficient sanitization of user-supplied data. A remote threat actor can direct targeted users to a URL carrying an XSS payload, which then executes a malicious script in the user’s browser. A threat actor who successfully exploits the vulnerability could access sensitive browser-based information.
The firewall models and versions affected by the security vulnerability are as follows: