On Thursday, 12 May 2022, Zyxel released a patch advisory for an unauthenticated remote code execution (RCE) vulnerability in its line of firewall products, tracked as CVE-2022-30525. Exploitation of this vulnerability can allow a threat actor to modify specific files and execute code remotely on a vulnerable appliance.
Proof of Concept (PoC) exploit code for this vulnerability has been made publicly available via multiple sources. As a result, threat actors have begun exploiting this vulnerability in the wild through opportunistic attacks. Arctic Wolf assesses this vulnerability to be a high risk and strongly recommends that you identify whether you are using any of the impacted Zyxel products below and apply the applicable patches promptly.
|Affected model|Affected firmware version|Patch availability|
|---|---|---|
|USG FLEX 100(W), 200, 500, 700|ZLD V5.00 through ZLD V5.21 Patch 1|ZLD V5.30|
|USG FLEX 50(W) / USG20(W)-VPN|ZLD V5.10 through ZLD V5.21 Patch 1|ZLD V5.30|
|ATP series|ZLD V5.10 through ZLD V5.21 Patch 1|ZLD V5.30|
|VPN series|ZLD V4.60 through ZLD V5.21 Patch 1|ZLD V5.30|
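To apply the table above to an asset inventory, the following added example (not part of the original advisory and not Zyxel or Arctic Wolf code) classifies each model and firmware pair against the listed ranges. It assumes firmware strings use the advisory's notation (for example `ZLD V5.21 Patch 1`); the model-name patterns and the sample inventory are constructed for illustration.

```python
import re

# Ranges transcribed from the advisory table: (first affected, last affected).
# Tuples are (major, minor, patch); every family is fixed in ZLD V5.30.
FIXED = (5, 30, 0)
AFFECTED = [
    # Model-name patterns are assumptions about how an inventory spells them.
    (re.compile(r"USG FLEX (100W?|200|500|700)"), (5, 0, 0), (5, 21, 1)),
    (re.compile(r"USG FLEX 50W?"), (5, 10, 0), (5, 21, 1)),
    (re.compile(r"USG20W?-VPN"), (5, 10, 0), (5, 21, 1)),
    (re.compile(r"ATP\d+W?"), (5, 10, 0), (5, 21, 1)),
    (re.compile(r"VPN\d+"), (4, 60, 0), (5, 21, 1)),
]
VERSION_RE = re.compile(r"V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Parse 'ZLD V5.21 Patch 1' into (5, 21, 1); None if unparseable."""
    m = VERSION_RE.search(text)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def classify(model, firmware):
    """Return affected / patched / not affected / review / not listed."""
    name = " ".join(model.upper().split())  # normalise case and spacing
    for pattern, low, high in AFFECTED:
        if not pattern.fullmatch(name):
            continue
        version = parse_version(firmware)
        if version is None:
            return "review"        # unreadable version: check by hand
        if low <= version <= high:
            return "affected"
        if version >= FIXED:
            return "patched"
        if version < low:
            return "not affected"  # older than the range in the table
        return "review"            # between last affected build and V5.30
    return "not listed"            # model does not appear in the advisory

# Constructed sample inventory (not real devices).
INVENTORY = [
    ("USG FLEX 200", "ZLD V5.21 Patch 1"), ("usg flex 100w", "V5.00"),
    ("ATP500", "ZLD V5.00"), ("VPN100", "ZLD V4.60"),
    ("USG20-VPN", "ZLD V5.30"), ("USG FLEX 700", "ZLD V5.21 Patch 2"),
    ("EXAMPLE-SWITCH", "V1.00"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:<16} {fw:<20} {classify(model, fw)}")
```

Builds that fall between ZLD V5.21 Patch 1 and ZLD V5.30, or whose version string cannot be parsed, are returned as `review` because the table does not state their status.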