
Zyxel Patches Zero-Day Vulnerability in Network Storage Products: Protect Your Data from Remote Atta



Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground.







This experience was a good reminder that vulnerability reporting and remediation often can be a frustrating process. Twelve days turnaround is fairly quick as these things go, although probably not quick enough for customers using products affected by zero-day vulnerabilities.


Late last month, Zyxel patched a zero-day vulnerability tied to a critical flaw in many of its network attached storage (NAS) devices. The bug, tracked as CVE-2020-9054, allowed a remote, unauthenticated adversary to execute arbitrary code on a vulnerable device. Patches were made available for four out of 14 affected NAS devices. The other 10 NAS devices were no longer supported by Zyxel.


Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices, notes The Hacker News. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models.


Deadbolt ransomware group has been exploiting a zero-day vulnerability in Photo Station, a private photo storage application by QNAP. The company has released a security advisory patching this vulnerability.


In February 2020, a remote code execution vulnerability in Zyxel network-attached storage (NAS) devices, CVE-2020-9054, was discovered as a zero-day. It has been given a CVSS score of 9.8 and is rated critical. According to Krebs on Security, there are around 100 million Zyxel devices deployed around the world, and Zyxel devices running firmware version 5.21 or earlier are vulnerable.


Title: DrayTek routers, switches open to attack
Description: Tech company DrayTek recently patched two zero-day vulnerabilities in some of its routers and switches that could allow malicious actors to monitor traffic and install backdoors on affected networks. DrayTek worked with security researchers to discover the vulnerabilities and active exploitations in December, and patches were made available in late March. Users are encouraged to patch their devices as soon as possible or disable remote admin access.
Reference: -news/vulnerabilities/zero-day-vulnerabilities-used-against-draytek-routers-and-switches/
Snort SIDs: 53591, 53592


In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.


On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.


FortiGuard Labs is aware of a newly disclosed vulnerability in Zyxel network attached storage (NAS) devices in an advisory published today by CERT/CC. Multiple Zyxel devices contain a pre-authentication command injection vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the device. The vulnerability was reported by security journalist Brian Krebs (Krebs on Security), who learned about the flaw from a researcher who had obtained the exploit code from a reseller on the underground forums. This vulnerability has been assigned CVE-2020-9054.


For products that are no longer supported, it is suggested that devices affected by CVE-2020-9054 not be internet facing and/or be placed behind a firewall to prevent unauthenticated access. FortiGuard Labs also recommends that system administrators audit their networks to ensure that machines affected by this vulnerability, and any other services that were not meant to be exposed externally, are firewalled as soon as time permits, and that authentication is enabled as additional mitigation against external access.


Dubbed Mukashi, the malware runs brute force attacks with different combinations of default credentials in an effort to log into Zyxel network-attached storage products, take control of them and add them to a network of devices that can be used to conduct Distributed Denial of Service (DDoS) attacks.

