Zyxel has relased an advisory about a vulnerability thats active exploited in attempts by threat actors targeting their firewall products and detailed the required steps to safeguard from potential attacks
The vulnerability under exploitation is tracked as CVE-2024-11667 with a CVSS score of 7.5, is a directory traversal vulnerability present in the web management interface of Zyxel ZLD firewall firmware versions 5.00 through 5.38.
The vulnerability allows malicious actors to download or upload unauthorized files through a specially crafted URL, thereby compromising the security of affected devices.
It has been fixed in the latest firmware version 5.39, which was made available on September 3, 2024, and includes a series of crucial security enhancements designed to block these exploit attempts. Users operating on firmware version 5.39 or later are reportedly safe from this specific threat.
As per the analysis report, Helldown ransomware exemplifies the evolving nature of these threats.
To protect from such exploitation and intrusion activities, it is imperative to take immediate mitigation steps
- Changing all passwords associated with Zyxel firewalls is essential to prevent potential unauthorized access.
- Organizations should also monitor for any new or unknown user accounts that might have been created by attackers.
- Implementing two-factor authentication, especially for administrative accounts, adds an extra layer of security crucial in the current threat environment.
- Enabling comprehensive monitoring protocols can help detect unusual activities early and mitigate risks effectively.
