Zyxel warns of critical command injection flaw in NAS devices
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability. [...]
Stay updated on firmware security: Explore the latest threats, updates, and protection strategies for safeguarding critical system software.
Search across headline titles and summaries.
Background for this topic.
Firmware is software stored in a device’s nonvolatile memory that initializes and controls hardware, often before an operating system or application runs. It may reside in computers, network equipment, phones, industrial controllers, storage devices, and embedded components. Firmware can be updated, so it is not necessarily permanent or read-only.
Firmware matters to security because vulnerabilities or unauthorized changes can affect a device beneath the operating system and may persist across software reinstallation. Important controls include authenticated, cryptographically signed updates; secure boot, which verifies code before execution; protection against unauthorized flashing and downgrade attacks; and a reliable recovery mechanism. Practitioners also need firmware inventories, vulnerability tracking, and a supported update process, since obscure components can remain unpatched or use insecure update mechanisms. During an investigation, verifying firmware integrity and the device’s boot chain can help distinguish an operating-system compromise from a deeper modification.
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability. [...]
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured. [...]