• Menu
  • Skip to main content
  • Skip to primary sidebar

All Tech News

Latest Technology News

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller and Firewall Devices

You are here: Home / Cyber Security News / Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller and Firewall Devices

Zyxel has released patches to deal with 4 security flaws affecting its firewall, AP Controller, and AP goods to execute arbitrary functioning method instructions and steal find details.

The checklist of security vulnerabilities is as follows –

  • CVE-2022-0734 – A cross-internet site scripting (XSS) vulnerability in some firewall variations that could be exploited to accessibility info saved in the user’s browser, such as cookies or session tokens, by using a malicious script.
  • CVE-2022-26531 – A number of input validation flaws in command line interface (CLI) commands for some versions of firewall, AP controller, and AP gadgets that could be exploited to result in a procedure crash.
  • CVE-2022-26532 – A command injection vulnerability in the “packet-trace” CLI command for some versions of firewall, AP controller, and AP products that could lead to execution of arbitrary OS instructions.
  • CVE-2022-0910 – An authentication bypass vulnerability affecting pick firewall variations that could allow an attacker to downgrade from two-component authentication to one particular-factor authentication by means of an IPsec VPN shopper.

CyberSecurity

Whilst Zyxel has posted software program patches for firewalls and AP devices, hotfix for AP controllers affected by CVE-2022-26531 and CVE-2022-26532 can be obtained only by speaking to the respective local Zyxel assist groups.

The growth comes as a critical command injection flaw in decide on versions of Zyxel firewalls (CVE-2022-30525, CVSS score: 9.8) has occur beneath lively exploitation, prompting the U.S. Cybersecurity and Infrastructure Security Agency to increase the bug to its Regarded Exploited Vulnerabilities Catalog.

Identified this short article exciting? Adhere to THN on Fb, Twitter  and LinkedIn to read more distinctive content material we write-up.

Some parts of this article are sourced from:
thehackernews.com

Previous Post: « PayPal has been laying off workers to reduce costs
Next Post: Microsoft confirms it's taking a 'new approach' with its game streaming device »

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk

Copyright © 2025 · AllTech.News, All Rights Reserved.