Zyxel, a networking equipment manufacturer, has released security fixes for a critical vulnerability affecting some of its business firewall and VPN products that could allow an attacker to gain control of the devices.
Zyxel said in an advisory published this week: “An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions.”
“The flaw could allow an attacker to bypass the authentication and obtain administrative access to the device.”
The security vulnerability has been assigned the identifier CVE-2022-0342, which has a severity rating of 9.8 out of 10. Alessandro Sgreccia of Tecnical Service Srl and Roberto Garcia H and Victor Garcia R of Innotec Security are credited with reporting the flaw.
While there is no evidence that the vulnerability has been exploited in the wild, users should upgrade their firmware to avoid any potential threats.