Cybersecurity Battle Rams: Zyxel vs. Nikita Abramov
Positive Technologies expert found six vulnerabilities in Zyxel equipment.
Zyxel, a manufacturer of network devices, thanked Positive Technologies expert Nikita Abramov for identifying six hardware vulnerabilities. Five of these flaws are of high severity. The vendor was notified of the threat as part of its responsible disclosure policy and has issued updates to address the flaws.
According to monitoring conducted by Positive Technologies specialists, about 23,000 devices could be affected by the flaws. Almost 8 thousand such systems were found in Italy, 4.5 thousand in France, and more than 2 thousand each in the Czech Republic and the USA. Russia ranks eighth on this list with more than 680 devices.
“The most dangerous are vulnerabilities CVE-2023-22913 and CVE-2023-22916, which received a score of 8.1 points on the CVSS v3.1 scale,” said Nikita Abramov, a specialist in the Positive Technologies application analysis department. “These two bugs allowed an attacker to remotely inject arbitrary system commands into application code and execute them on a firewall. An attacker could disable the equipment, causing a denial of service, disable some security features, or change some of the configuration data. Any of the described actions is an unacceptable event in relation to the normal operation of the firewall. An alternative scenario for exploiting unprotected devices is the deployment of a botnet. Such networks are widely used by hackers.”
Two other vulnerabilities, CVE-2023-22915 and CVE-2023-22917, received a score of 7.5 points. Exploitation of the first could lead to a denial of service for the firewall, while the second allowed downloading a malicious file and gaining control over the device. CVE-2023-22914 was rated slightly lower (7.2 points). An authenticated attacker with administrator rights could execute unauthorized operating system commands in one of the firewall’s temporary file storage folders.
CVE-2023-22918 (6.5 points), in turn, was dangerous for both Zyxel firewalls and access points. It potentially allowed an authenticated attacker to obtain encrypted administrator information on a device. With this information and publicly available scripts, the data, including user passwords, can be decrypted.
To eliminate the vulnerabilities, follow the manufacturer's recommendations.
In early 2023, Zyxel had already fixed four flaws discovered by Nikita Abramov in several series of Wi-Fi routers and other devices.