Critical XSS Alert Affecting Specific Zyxel Firewall Models

Zyxel has released updates for a critical XSS (Cross Site Scripting) vulnerability that affects specific models of firewalls.

The vulnerability, tracked as CVE-2022-40603, resides in the CGI program of the affected firewall versions and is caused by insufficient sanitization of user-supplied data. A remote threat actor can direct a targeted user to a crafted URL carrying an XSS payload, which causes a malicious script to execute in that user's browser. A threat actor who successfully exploits the vulnerability could access sensitive browser-based information.

The firewall models and versions affected by the security vulnerability are as follows:

[Image: affected firewall models and versions]

Zyxel has fixed the vulnerability in the current versions mentioned above. It is recommended to apply the published updates immediately to avoid becoming the target of attacks that exploit the vulnerability.