Zyxel is a trademark name used by both Zyxel Communications Corp. and Zyxel Networks, two companies that manufacture networking equipment and provide services to communications service providers. The Zyxel firms are headquartered in Hsinchu, Taiwan, with branch offices around the world, including in North America, Europe, and Asia.
Attackers have begun exploiting a severe new vulnerability that affects Zyxel's business firewall and VPN equipment.
CVE-2022-30525 is a command injection vulnerability in the CGI program of some firewall firmware versions. It could allow an attacker to modify specific files and then execute OS commands on a vulnerable device.
As explained by BleepingComputer, a successful exploit lets a remote attacker inject arbitrary commands without authentication. This may make it possible to set up a reverse shell.
On April 28, Zyxel released firmware that fixed an unauthenticated and remote command injection I’d found in their firewalls: USG FLEX series, ATP series, and USG20-VPN/USG20w-VPN. This was assigned CVE-2022-30525. We published our advisory this morning: https://t.co/lJF3kXoCok
— Jacob Baines (@Junior_Baines) May 12, 2022