Security Affairs

APRIL 1, 2022

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. Patch 1 VPN ZLD V4.30

Firewall 105

Firewall VPN Firmware Authentication 105

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN 144

VPN Government Firmware Authentication 144

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. states GreyNoise.

Firewall 63

Firewall Firmware Authentication VPN 63

Bleeping Computer

MARCH 31, 2022

Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices. [.].

Firewall 77

Firewall VPN Firmware 77

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. in its firewall devices. VPN ZLD V4.60

Firewall 98

Firewall Firmware VPN DDOS 98

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10

Firewall 98

Firewall Firmware VPN Wireless 98

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware 123

Firmware Technology Authentication IoT 123

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 98

Firewall VPN Firmware Internet 98

Krebs on Security

JUNE 25, 2021

The My Book Live and My Book Live Duo devices received its final firmware update in 2015. The NVD’s advisory credits VPN reviewer Wizcase.com with reporting the bug to Western Digital three years ago, back in June 2018. We understand that our customers’ data is very important.

Internet 339

Internet Internet Backups Small Business 339

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.

Firewall 110

Firewall Firmware IoT Authentication 110

Malwarebytes

APRIL 4, 2022

In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Affected series Affected firmware version Patch availability USG/ZyWALL ZLD V4.20 Patch 1 VPN ZLD V4.30 The vulnerability. through ZLD V4.70 USG FLEX ZLD V4.50

Firewall 90

Firewall Firmware VPN Authentication 90

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10

Firewall 98

Firewall VPN Firmware Internet 98

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 272

Risk VPN Internet Internet 272

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

VPN 90

VPN Passwords Firewall Firmware 90

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall 98

Firewall VPN Firmware Manufacturing 98

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. in its firewall devices.

Firmware 98

Firmware VPN Firewall Hacking 98

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v

VPN 128

VPN Firewall Firmware Authentication 128

Security Affairs

NOVEMBER 14, 2023

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. through 4.73, VPN series firmware versions 4.60

Cyber Attacks 138

Cyber Attacks Firmware Firewall VPN 138

Security Affairs

JANUARY 14, 2024

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. through 4.73, VPN series firmware versions 4.60

Firewall 134

Firewall Firmware Cyber Attacks VPN 134

DoublePulsar

JANUARY 15, 2025

Each folder then contains an IP address, and each IP address contains config.confa full Fortigate config dumpand vpn-users.txt, a plaintext list of credentials. Having a full device config including all firewall rules is a lot of information. The outlier device appears to have a pre-production version of firmware 7.2.2,

Firewall 79

Firewall VPN Passwords Firmware 79

Malwarebytes

MAY 26, 2023

Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on the affected Zyxell firewalls. Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware 93

Firmware VPN Firewall Accountability 93

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware 124

Firmware Passwords Accountability VPN 124

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, 14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, 11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. in its firewall devices.

Firmware 98

Firmware Firewall Authentication VPN 98

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices.

Firewall 103

Firewall Firmware Authentication VPN 103

Bleeping Computer

MAY 17, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. [.].

Firmware 78

Firmware VPN Firewall Cybersecurity 78

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. SSL-VPN 200/2000/400 (EOL 2013/2014) disconnect immediately and reset passwords. SMA 210/410/500v (Actively Supported) update firmware to 9.0.0.10-28sv

Ransomware 97

Ransomware Firmware VPN Passwords 97

Security Affairs

NOVEMBER 29, 2020

Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. “However, many vendors may have bought vulnerable versions of this stack prior to the 2012 update, starting in the early 2000s when it was first issued, and integrated it into their own firmware.

Hacking 140

Hacking Firmware Internet Internet 140

eSecurity Planet

APRIL 30, 2024

Setting up a firewall is the first step in securing your network. A successful firewall setup and deployment requires careful design, implementation, and maintenance to effectively improve your network integrity and data security. Verify that the chosen firewall can meet your security standards and functions.

Firewall 63

Firewall Architecture Firmware Risk 63

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN 110

VPN Authentication Passwords Software 110

Security Affairs

JULY 22, 2023

Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35.

DDOS 98

DDOS Firmware VPN Firewall 98

Security Affairs

SEPTEMBER 4, 2019

The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. ” reads the advisory.

DNS 96

DNS Hacking Firmware Wireless 96

Security Affairs

APRIL 25, 2019

Rockwell has released firmware updates that address the vulnerability for the affected controllers. Below the recommendations published by Rockwell Automation to minimize the risk of exploitation of this vulnerability: Update to the latest available firmware revision that addresses the associated risk.

Firmware 101

Firmware Social Engineering Advertising Malware 101

Malwarebytes

MAY 13, 2021

If you have to use public WiFi hotspots, it’s wise to also use a VPN to keep your activity private while you use that connection. A VPN wraps your network traffic (including web browsing, email, and other things) in a protective tunnel and makes up for any weaknesses in their encryption. Always change default passwords.

Wireless 115

Wireless VPN Internet Internet 115

Security Affairs

MARCH 23, 2021

“GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. Locate control system networks and remote devices behind firewalls, and isolate them from the business network. ” continues the alert.

Firmware 102

Firmware VPN Firewall Risk 102

eSecurity Planet

MARCH 22, 2023

The tools also depend upon physical controls that should also be implemented against malicious physical access to destroy or compromise networking equipment such as routers, cables, switches, firewalls, and other networking appliances. Instead, organizations should use a virtual private network (VPN) solution.

Firewall 110

Firewall Network Security Penetration Testing Encryption 110

eSecurity Planet

MAY 19, 2022

EdgeConnect Enterprise critically comes with firewall , segmentation , and application control capabilities. With Aruba, clients can also bundle SD-WAN coverage with the company’s security solutions for virtual private network ( VPN ), network access control ( NAC ), and unified threat management ( UTM ).

Firewall 121

Firewall Architecture Encryption Network Security 121