Zyxel warns of critical vulnerabilities in firewall and VPN devices
Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products that attackers could leverage without authentication. [...]
Zyxel makes networking devices and software whose vulnerabilities, security advisories, and updates can affect access controls, data, and connected networks.
Search across headline titles and summaries.
Background for this topic.
Zyxel is a networking-equipment vendor whose products include routers, firewalls and VPN gateways, switches, wireless access points, and some network-attached storage devices. These systems provide connectivity and, in many deployments, sit at the network edge or enforce access between internal networks and the internet. Their firmware and web-based administration interfaces are therefore central to how the equipment is configured and secured.
Security advisories for Zyxel devices matter because flaws in firmware or management services can enable unauthorized administration, configuration changes, or access through exposed WAN, VPN, or web interfaces. Risk depends on the affected model, firmware version, exposure, and configuration; it is not uniform across the product range. Defenders should maintain an accurate device inventory, track model-specific advisories, restrict management access to trusted networks, disable unnecessary internet-facing services, and apply supported updates promptly. Devices that are end-of-support or cannot be patched may require isolation or replacement, while logs and configuration changes can help identify attempted compromise.
Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products that attackers could leverage without authentication. [...]