Zyxel is a trademark name that is used by both Zyxel Communications Corp. and Zyxel Networks, two companies that are involved in the production of networking equipment as well as the provision of services to communications service providers. Zyxel firms have their headquarters in Hsinchu, Taiwan, with branch offices all around the world, including in North America, Europe, and Asia.
Zyxel products are used by large businesses, which means that any vulnerabilities in them that might be exploited rapidly attract the attention of threat actors.
Zyxel has released a security warning to inform administrators about several vulnerabilities that are present in a diverse selection of its firewall, access point (AP), and access point controller (AP controller) devices.
Even though the vulnerabilities do not have a critical severity rating, they are still important when taken by themselves and may be utilized by threat actors as links in exploit chains.
A cross-site scripting vulnerability was identified in the CGI program of some firewall versions that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.