In a warning to its customers today, Zyxel has notified them of a vulnerability that poses a risk for RCE attacks. The issue affects three models of the company’s network-attached storage products.
The cybersecurity analysts at Zyxel have tracked the vulnerability as “CVE-2022-34747.” Through the use of a crafted UDP packet, a malicious attacker could be able to achieve RCE without the user’s knowledge.
On June 2022, this vulnerability was discovered by the security expert Shaposhnikov Ilya. Therefore, over the course of the next few months, Zyxel progressively released security updates for the affected models under the affected model number.
A series of Zyxel products are affected by this flaw, including:-
In recent years, hackers have become increasingly adept at hacking NAS devices. A hacker can steal your sensitive and personal information if you do not take precautions or keep your software up-to-date in order to protect yourself.
Not only that, data can even be permanently deleted in some instances if they are extremely persistent and deploy ransomware as well. While the latest firmware update for Zyxel devices can be downloaded by visiting Zyxel’s official download portal.
There have been multiple vulnerabilities identified across multiple products by Zyxel and they have been addressed through security updates released in May 2022.
All of these scenarios are threatening, but ransomware is the most common and the most dangerous among them. It is clear that ransomware is the best method for threat actors to monetize their success if it is successfully exploited.
Secure Azure AD Conditional Access – Download Free White Paper
A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors…
SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers…
The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious…
Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022…
CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building…
A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly…