re: Zyxel VPN Series Pre-auth Remote Command Execution

On January 25, 2024, SSD Secure Disclosure posted a disclosure titled "Zyxel VPN Series Pre-auth Remote Command Execution". The writeup describes an unauthenticated remote command injection vulnerability affecting Zyxel VPN firewalls. That caught VulnCheck researchers' attention.

The Zyxel VPN series has appeared on the CISA KEV four times now, and the original disclosure didn’t mention a CVE. We were very interested in the implied inadvertent patching and wanted to figure out if the vulnerability had been exploited in the wild. The VulnCheck team quickly learned from Zyxel PSIRT that this was not inadvertently patched.

Source: VulnCheck