⚡ TL;DR | Go Straight to the Zyxel Firewall/VPN Vulnerability Audit Report
Zyxel is urging its customers to apply the latest security updates as soon as possible after 2 critical vulnerabilities were found in its firewall and VPN products. The flaws could allow remote code execution and denial-of-service attacks on vulnerable devices, leading to system crashes, compromised critical data, and interrupted services. A new report has been added to Lansweeper to help you locate at-risk devices.
Zyxel Vulnerabilities CVE-2023-33009 and CVE-2023-33010
The two vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, both received critical CVSS scores of 9.8. Both are buffer overflow vulnerabilities in firewall and VPN products that could allow an unauthenticated attacker to execute code or cause DoS conditions on affected devices. You can read the full details in Zyxel’s security advisory.
CVE-2023-28771 Actively Exploited
Days after the release of the patches for the above vulnerabilities, CISA published an alert that a similar critical vulnerability, CVE-2023-28771, is now being actively exploited in widespread attacks. This vulnerability affects the same firewall and VPN products as CVE-2023-33009 and CVE-2023-33010 and had already been patched by Zyxel on April 25.
Update Vulnerable Zyxel Firewalls and VPN Devices
With the discovery of these new flaws coinciding with the exploitation of the older one, users are advised to urgently update any vulnerable devices to protect their systems. You can find the list of affected devices and the available patches in Zyxel’s advisory or in the table below.
In response to the recent string of vulnerabilities and cyberattacks, Zyxel also issued another security advisory with more information on how to mitigate the risk and better protect your ZyWALL devices. The best solution is, of course, to install the firmware patches, but Zyxel also offers a workaround for temporary mitigation and precautionary purposes.
Affected series | Affected version | Fixed version |
ATP | ZLD V4.32 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
USG FLEX | ZLD V4.50 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
USG FLEX50(W) / USG20(W)-VPN | ZLD V4.25 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
VPN | ZLD V4.30 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
ZyWALL/USG | ZLD V4.25 to V4.73 Patch 1 | ZLD V4.73 Patch 2 |
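The ranges in the table above can be checked against an inventory export with a short script. This is an added example, not Lansweeper's audit report or Zyxel's code; the function names, the inventory rows and the assumption that firmware is reported in the advisory's "V5.36 Patch 1" notation (with two-digit minor versions) are illustrative.

```python
import re
# Ranges copied from the table above: series -> (first affected, last affected, fixed).
AFFECTED = {
    "ATP": ("V4.32", "V5.36 Patch 1", "V5.36 Patch 2"),
    "USG FLEX": ("V4.50", "V5.36 Patch 1", "V5.36 Patch 2"),
    "USG FLEX50(W) / USG20(W)-VPN": ("V4.25", "V5.36 Patch 1", "V5.36 Patch 2"),
    "VPN": ("V4.30", "V5.36 Patch 1", "V5.36 Patch 2"),
    "ZyWALL/USG": ("V4.25", "V4.73 Patch 1", "V4.73 Patch 2"),
}
# Assumption: firmware is reported in the advisory's notation, e.g. "ZLD V5.36 Patch 1".
_VERSION = re.compile(r"V?(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)

def parse_zld(text):
    """Turn 'ZLD V5.36 Patch 1' into (5, 36, 1); a missing patch level counts as 0."""
    match = _VERSION.search(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)

def classify(series, firmware):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for one device."""
    try:
        first, last, fixed = (parse_zld(v) for v in AFFECTED[series])
        version = parse_zld(firmware)
    except (KeyError, ValueError):
        return "unknown"  # unlisted series or unparseable string: check by hand
    if version >= fixed:
        return "fixed"
    if first <= version <= last:
        return "affected"
    return "not-listed"  # older than the first affected version in the table

# Constructed inventory rows (hostname, series, firmware); not real devices.
INVENTORY = [
    ("fw-branch-01", "ATP", "ZLD V5.36 Patch 1"),
    ("vpn-hq-01", "VPN", "V4.30"),
    ("fw-legacy-01", "ZyWALL/USG", "V4.73 Patch 2"),
    ("fw-lab-01", "USG FLEX", "V4.35"),
    ("fw-lab-02", "USG FLEX", "build-unknown"),
]

def triage(rows):
    """Group hostnames by status so affected and unknown devices are easy to pull out."""
    report = {}
    for host, series, firmware in rows:
        report.setdefault(classify(series, firmware), []).append(host)
    return report

if __name__ == "__main__":
    print(triage(INVENTORY))
```

Devices that come back as `unknown` or `not-listed` fall outside what the table states and should be verified against Zyxel's advisory rather than treated as safe.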
Discover Vulnerable Zyxel Devices
Using the information provided by Zyxel, our technical team has put together an audit report to help you find all vulnerable firewall and VPN devices in your network. This gives you an actionable list of devices that are still at risk so you can take action accordingly. You can get to the report via the link below.