Zyxel Firewalls have become a common target in recent hacks, with attackers exploiting a critical flaw to propagate the malicious Helldown ransomware. The German CERT (CERT-Bund) has published a warning alongside Zyxel, highlighting the scope of these assaults and the immediate steps that organisations must take to secure their network devices.
The attacks are linked to a vulnerability in the Zyxel ZLD firmware, CVE-2024-11667, which impacts the Zyxel ATP and USG FLEX firewall series. Five German businesses are believed to have been targeted by these assaults, highlighting the growing threats of leaving such vulnerabilities unpatched.
The root cause is CVE-2024-11667, a directory traversal vulnerability in the Zyxel ZLD firmware (versions 4.32 to 5.38). This vulnerability allows attackers to circumvent security protections and upload or download files using meticulously generated URLs.
Cybercriminals can exploit this flaw to acquire unauthorised system access, steal credentials, and establish backdoor VPN connections, sometimes without network administrators’ knowledge. The devices that are most vulnerable are those running ZLD firmware versions 4.32 to 5.38, with remote management or SSL VPN enabled. Importantly, this vulnerability does not affect devices managed by the Nebula cloud management s
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: