Zyxel Firewall SetWanPortSt command injection

Added: 05/20/2022

Background

Zyxel Firewalls are a business solution providing protection from malware and unauthorized access.

Problem

Zyxel USG FLEX, ATP series, and VPN series firewalls are affected by a vulnerability in the SetWanPortSt command which could allow an attacker to inject arbitrary commands.

Resolution

Apply patch ZLD V5.30 or higher.

References

https://www.zyxel.com/us/en/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml

Platforms

Zyxel

Back to exploit index