Zyxel Patches Remote Code Execution Bug in Firewall Products


Taiwanese networking vendor Zyxel has released patches for multiple vulnerabilities in its firewall and access point products that could expose users to remote code execution, command injection, and denial-of-service attacks. The flaws include a null pointer dereference vulnerability, post-authentication command injection, format string vulnerabilities, and more. Users are urged to apply patches and hotfixes to mitigate the risks. Zyxel has faced previous security issues and has acknowledged its devices being used in DDoS-capable botnets.

Read More…