Zyxel has released security updates for a critical security vulnerability affecting business firewall and VPN solutions.
The vulnerability, tracked as CVE-2022-0342, is an authentication bypass caused by the lack of a proper access control mechanism in the web interface of some firewall versions. A threat actor who successfully exploits it can bypass authentication and gain administrative access to the vulnerable system. The vulnerability affects the versions listed below.
Zyxel stated that no evidence of active exploitation of this vulnerability has been detected yet and has released updates that fix it. It is recommended that these updates be applied immediately to prevent attacks that exploit the vulnerability.