Zyxel firewall vulnerabilities left business networks open to abuse


Following the identification of two security flaws that exposed corporate networks to exploitation, Zyxel has published updates for a number of its firewall devices.

The first vulnerability on the list is CVE-2022-2030, an authenticated directory traversal flaw in some Zyxel firewalls’ Common Gateway Interface (GLI) programmes. This was brought on by specific character combinations in a URL that had not been properly sanitised. Read More…