Zyxel has released updates for a critical XSS (cross-site scripting) vulnerability that affects specific firewall models.
The vulnerability, tracked as CVE-2022-40603, affects the CGI program of the affected firewall versions and is caused by insufficient sanitization of user-supplied data. A remote threat actor can direct a targeted user to visit a crafted URL carrying an XSS payload, which then executes a malicious script in that user's browser. A threat actor who successfully exploits the vulnerability could access sensitive browser-based information.
The firewall models and versions affected by the security vulnerability are as follows:
Zyxel has fixed the vulnerability in the current versions mentioned above. Applying the published updates immediately is recommended, to avoid becoming the target of attacks that exploit the vulnerability.
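
The flaw class described above (a CGI program reflecting user-supplied data without sanitization) shown beside its fix, as an added example that is not Zyxel's code and not part of the original article. The `next` parameter, the page template and the sample query string are constructed for illustration.

```python
import html
from urllib.parse import parse_qs

# Constructed page template: the value lands in both an element body and an
# attribute, the two contexts a reflected parameter most often reaches.
TEMPLATE = ('<html><body><p>Unknown page: {text}</p>'
            '<input name="next" value="{attr}"></body></html>')


def render_vulnerable(query_string: str) -> str:
    """Reflects the hypothetical 'next' parameter verbatim (the flaw class)."""
    value = parse_qs(query_string).get("next", [""])[0]
    return TEMPLATE.format(text=value, attr=value)


def render_hardened(query_string: str) -> tuple:
    """Returns (headers, body) with the parameter HTML-encoded and a CSP set."""
    value = parse_qs(query_string).get("next", [""])[0]
    # quote=True also encodes " and ', so the value cannot close the attribute.
    safe = html.escape(value, quote=True)
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Defence in depth: inline script is refused even if encoding is missed.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }
    return headers, TEMPLATE.format(text=safe, attr=safe)


# Constructed test input: a harmless marker script, URL-encoded as a browser
# would send it in the query string.
SAMPLE_QS = "next=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_QS))
    hdrs, body = render_hardened(SAMPLE_QS)
    print("CSP:", hdrs["Content-Security-Policy"])
    print("hardened:", body)
```
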