Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. impacting multiple devices.

Authentication 128

Authentication Firmware VPN Manufacturing 128

Security Affairs

DECEMBER 8, 2020

An unauthenticated command injection vulnerability could be exploited by threat actors to compromise D-Link VPN routers. Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. and earlier. and earlier.

VPN 130

VPN Hacking Firmware Authentication 130

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.

Firewall 63

Firewall Firmware Authentication VPN 63

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware 126

Firmware Technology Authentication IoT 126

Security Affairs

APRIL 1, 2022

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. Patch 1 VPN ZLD V4.30

Firewall 105

Firewall VPN Firmware Authentication 105

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 268

Risk VPN Internet Internet 268

Security Boulevard

APRIL 17, 2025

They were strategic, persistent, and laser-focused on exploiting firewall and VPN weak points to establish long-term control over sensitive systems. Firewalls and VPNs are no longer the line of defense. But as networks have grown more complex and workforces have gone hybrid, VPNs have become both overextended and overexposed.

Firewall 64

Firewall VPN Encryption Architecture 64

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware 116

Firmware Ransomware Passwords Mobile 116

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN 109

VPN Authentication Passwords Software 109

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up. Related: Leveraging PKI to advance electronic signatures.

Digital transformation 214

Digital transformation Cybersecurity Computers and Electronics Encryption 214

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN 127

VPN Firewall Firmware Authentication 127

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, 14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, 11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. ” reads the advisory published by Zyxel.

Firmware 98

Firmware Firewall Authentication VPN 98

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices.

Firewall 103

Firewall Firmware Authentication VPN 103

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 98

Firewall VPN Firmware Internet 98

Security Affairs

NOVEMBER 14, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” reported the SektorCERT.

Cyber Attacks 137

Cyber Attacks Firmware Firewall VPN 137

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. SSL-VPN 200/2000/400 (EOL 2013/2014) disconnect immediately and reset passwords. SMA 210/410/500v (Actively Supported) update firmware to 9.0.0.10-28sv

Ransomware 102

Ransomware Firmware VPN Passwords 102

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A However, it turns out that this information is not so secret after all, but can be retrieved without authentication from the path /about_state” reads the analysis published by the experts. “Firmware Update 8.2B

Firmware 111

Firmware Manufacturing Passwords Penetration Testing 111

Malwarebytes

APRIL 4, 2022

Zyxel says the vulnerability, listed as CVE-2022-0342 , is an authentication bypass vulnerability caused by the lack of a proper access control mechanism, which has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device.

Firewall 95

Firewall Firmware VPN Authentication 95

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. “An

Firewall 134

Firewall Firmware Cyber Attacks VPN 134

Security Boulevard

FEBRUARY 17, 2025

Privacy Services Mullvad has partnered with Obscura VPN Mullvad Mullvad announces its partnership with ObscuraVPN; Mullvad WireGuard VPN servers can be used as the exit hop for the two-party VPN service offered by ObscuraVPN. When exploited, an authenticated attacker could elevate to SYSTEM level privileges.

Surveillance 52

Surveillance Data breaches VPN Malware 52

eSecurity Planet

MARCH 21, 2022

Using misconfigured multi-factor authentication (MFA) and an unpatched Windows vulnerability, Russian state-sponsored hackers were able to breach a non-governmental organization (NGO) and escalate privileges, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed last week. Network Best Practices.

VPN 117

VPN Accountability Authentication Passwords 117

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall 98

Firewall VPN Firmware Manufacturing 98

Pen Test Partners

MARCH 30, 2025

IPMI vulnerabilities include authentication bypasses, credential leaks, and buffer overflows, particularly in Supermicro systems. Mitigations include using complex passwords, isolating IPMI on restricted networks, and regularly updating firmware despite infrequent patches. It monitors hardware data (e.g., This is a rating 10.0

Passwords 73

Passwords Firmware Authentication Media 73

eSecurity Planet

JANUARY 16, 2024

The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. Potential results of the exploits include authentication bypass and command injection. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update. Versions 9.x

Firewall 109

Firewall Firmware IoT Authentication 109

IT Security Guru

JUNE 22, 2021

Check that your OS, applications and firmware are updated with appropriate patches. Any systems you have in place to allow staff to connect into your organisation remotely, including VPN. Authentication and access control, these include: Ensuring all passwords are changed from defaults. External systems. With CoCo: 2.

Passwords 106

Passwords Authentication Wireless Government 106

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use multifactor authentication with strong pass phrases where possible. Consider installing and using a VPN. hard drive, storage device, the cloud). Install and regularly update anti-virus and anti-malware software on all hosts.

Ransomware 118

Ransomware Passwords Backups Firmware 118

Security Affairs

APRIL 25, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible. Consider installing and using a virtual private network (VPN). hard drive, storage device, the cloud). Implement the shortest acceptable timeframe for password changes.

Ransomware 133

Ransomware Antivirus Passwords Malware 133

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. The vulnerability also exists on GitHub Enterprise Server, but it can only be exploited by an authenticated user with an organization owner role. EPMM versions 11.10, 11.9

Authentication 113

Authentication Malware VPN Mobile 113

Security Affairs

OCTOBER 20, 2018

Meaning, authentication bypasses weren’t enough. CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . It’s used in different devices from different vendors, the affected devices sharing the firmware are: Netgear Stora. Firmware Analysis. Summary of Our Findings.

Firmware 93

Firmware IoT VPN Authentication 93

Malwarebytes

SEPTEMBER 21, 2021

Enable multi-factor authentication (MFA). Multi-factor authentication is a great step to add in on every service that offers it. This could be a one-time login code sent via text, a code on an authenticator app, or a push notification, among others. Update your child’s device’s firmware.

Internet 132

Internet Internet Passwords Password Management 132

Security Affairs

MARCH 23, 2021

“GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. It allows sensitive information exposure without authentication.” Also recognize VPN is only as secure as the connected devices. ” states CISA.

Firmware 101

Firmware VPN Firewall Risk 101

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible. Consider installing and using a VPN. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides. Disable unused ports.

Ransomware 118

Ransomware DDOS Passwords Backups 118

Security Affairs

MARCH 16, 2022

As Duo’s default configuration settings allow for the re-enrollment of a new device for dormant accounts, the actors were able to enroll a new device for this account, complete the authentication requirements, and obtain access to the victim network.” ” reads the joint advisory. ” continues the analysis.

Accountability 98

Accountability Passwords Authentication Firmware 98

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use multi-factor authentication wherever possible. Consider installing and using a VPN. The FBI’s “Flash” alert includes these recommended mitigations for potential targets.

Education 114

Education Ransomware Phishing Passwords 114

Security Affairs

MARCH 26, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. • Use multifactor authentication where possible. Consider installing and using a VPN. hard drive, storage device, the cloud). Implement the shortest acceptable timeframe for password changes. The FBI does not encourage paying ransoms.

Ransomware 145

Ransomware Encryption Passwords Malware 145

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. “Prima Systems FlexAir, Versions 2.3.38

Backups 88

Backups Authentication Advertising Firmware 88