Understanding the Recurring Zyxel Firewall Vulnerability: A Focus on Network Security

Zyxel Firewall Vulnerability Again in Attacker Crosshairs

In the ever-evolving landscape of cybersecurity, old vulnerabilities are never fully out of sight for attackers.

Recent data indicates that attackers have set their crosshairs on a two-year-old vulnerability in Zyxel firewalls for renewed exploitation.

The vulnerability

Tracked as CVE-2019-10700, the vulnerability exists in the web login portal of the Zyxel USG, ATP, VPN, and ZyWALL series devices, whose firmware is based on the ZLD codebase.

If successfully exploited, this vulnerability can give an attacker administrative rights and potentially unrestricted access to the network behind the firewall.

This is a command injection vulnerability whereby an attacker can send commands that the system runs with root privileges.

The affected firmware versions still execute commands through the weblogin.cgi process, leaving an avenue for command injection.

Current Exploitation Attempts

GreyNoise, a cybersecurity intelligence firm, recently raised the alarm that it has observed increased exploitation attempts against this Zyxel vulnerability.

Attackers are apparently scanning the internet for exposed, vulnerable devices and launching attacks in an automated fashion.

The firm also noted that the attacks originated from multiple sources globally, making it a concerted campaign rather than an isolated case of exploitation.
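A defender-side check for the activity described above, added here as an example and not code from the original article or from Zyxel: it scans access-log lines for requests to weblogin.cgi whose form fields contain shell metacharacters, the signature of a command-injection attempt. The log format (an extended common log format with the URL-encoded form body as a final quoted field) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Shell metacharacters that have no legitimate place in a login form field.
# Note: if users may set passwords containing these characters, restrict the
# inspected fields to avoid false positives.
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")

# Assumed log line format (constructed for this example): client IP, timestamp,
# request line, status, size, and the URL-encoded form body as a final field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+) \d+ "(?P<body>[^"]*)"$'
)

# Constructed sample lines, not real Zyxel logs. The second line carries a
# percent-encoded ';' inside the username field.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jun/2022:08:01:12 +0000] "POST /cgi-bin/weblogin.cgi HTTP/1.1" 200 512 "username=alice&password=REDACTED"
203.0.113.9 - - [10/Jun/2022:08:01:40 +0000] "POST /cgi-bin/weblogin.cgi HTTP/1.1" 200 512 "username=admin%3Bid%3B&password=x"
192.0.2.5 - - [10/Jun/2022:08:02:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-"
"""


def find_suspicious_logins(log_text):
    """Return (client_ip, timestamp, field, decoded_value) for every request to
    weblogin.cgi whose form fields contain shell metacharacters."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment would count these
        path = m.group("path").split("?", 1)[0]
        if not path.endswith("weblogin.cgi") or m.group("body") == "-":
            continue
        # parse_qsl percent-decodes values, so %3B is inspected as ';'.
        for field, value in parse_qsl(m.group("body"), keep_blank_values=True):
            if SHELL_META.search(value):
                findings.append((m.group("ip"), m.group("ts"), field, value))
    return findings


if __name__ == "__main__":
    for ip, ts, field, value in find_suspicious_logins(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious {field}={value!r}")
```

On the sample above the check reports only the second request, from 203.0.113.9; a hit in production is a prompt to confirm the device's firmware level and review the source address.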

The Original Fix and Ongoing Threat

Zyxel released patches addressing this vulnerability back in 2019, yet it seems a sizeable number of devices still run outdated firmware.

The lingering threat posed by this vulnerability arises from network administrators not updating the firmware on their Zyxel devices.

The two-year gap between patch release and current exploits stands as a stark reminder of the importance of maintaining current patch levels.

Actionable Advice

Given the current climate, it is essential for organisations to ensure they have applied the necessary patches to their Zyxel firewalls.

It’s prudent to conduct audits of network devices, verifying they run updated firmware versions to ward off potential exploits.

Cybersecurity professionals and network administrators need to remain vigilant and tackle outdated device firmware as a high priority risk.

Looking Forward

The resurgence of interest from attackers in exploiting this two-year-old vulnerability gives us valuable insight into their strategic outlook.

It’s a stark reminder that even seemingly outdated threats can resurface with renewed intensity.

In the ongoing battle for network security, staying one step ahead requires diligence, consistent monitoring for new threats, and prompt patching.

