Hackers are exploiting critical bug in Zyxel firewalls and VPNs
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. Successful exploitation allows a remote, unauthenticated attacker to inject arbitrary commands, which can enable setting up a reverse shell.

The security issue and the damage it could lead to are serious enough for NSA Cybersecurity Director Rob Joyce to warn users about exploitation and encourage them to update the device firmware if it is vulnerable.

Starting Friday the 13th, security experts at the nonprofit Shadowserver Foundation reported seeing exploitation attempts for CVE-2022-30525. It is unclear whether these attempts are malicious or just researchers working to map Zyxel devices currently exposed to adversary attacks.

Given the severity of the vulnerability and the popularity of the devices, security researchers have released code that should help administrators detect the security flaw and exploitation attempts.