Zyxel releases patches to Fix 15 Flaws NAS, Firewall, and AP Devices

Zyxel released patches for 15 security issues affecting network-attached storage (NAS), firewall, and access point (AP) devices. The fixes address critical flaws that could allow authentication bypass and command injection.

The three vulnerabilities are listed below :

• Alert
• Vulnerabilities

Eight New ICS Advisories released by CISA

By infosecbulletin / Saturday , December 21 2024

CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...

Read More

• Cyber Attack
• Ransomware

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

By infosecbulletin / Friday , December 20 2024

Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...

Read More

• Data Breach

London-based company “Builder.ai” reportedly exposed 1.2 TB data

By infosecbulletin / Friday , December 20 2024

Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...

Read More

• Alert
• Vulnerabilities

(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall

By infosecbulletin / Friday , December 20 2024

Sophos has fixed three separate security vulnerabilities in Sophos Firewall.  The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such...

Read More

• Event
• National

“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

By infosecbulletin / Thursday , December 19 2024

A time-demanding workshop on "Cybersecurity Awareness and Needs Analysis" was held on Thursday (December 19) at Bangladesh Bank Training Academy...

Read More

• Alert
• Vulnerabilities

CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability

By infosecbulletin / Thursday , December 19 2024

Kaspersky's Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient...

Read More

• Hot Topic
• International

U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports

By infosecbulletin / Wednesday , December 18 2024

The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they...

Read More

• Daily Security Update

Daily Security Update Dated: 18.12.2024

By infosecbulletin / Wednesday , December 18 2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...

Read More

• Uncategorized

CISA released best practices to secure Microsoft 365 Cloud environments

By infosecbulletin / Wednesday , December 18 2024

CISA has issued Binding Operational Directive (BOD) 25-01, requiring federal civilian agencies to improve the security of their Microsoft 365...

Read More

• Uncategorized

Data breach! Ireland fines Meta $264 million, Australia $50m

By infosecbulletin / Wednesday , December 18 2024

The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach...

Read More

CVE-2023-35138 (CVSS score: 9.8):

There is a vulnerability that allows an attacker to execute operating system commands using an HTTP POST request, even without authentication.

CVE-2023-4473 (CVSS score: 9.8):

A vulnerability in the web server allows an attacker to execute commands on a device by sending a specific URL.

CVE-2023-4474 (CVSS score: 9.8):

An unauthenticated attacker could execute OS commands by sending a manipulated URL to a vulnerable device.

Zyxel has fixed three high-severity flaws (CVE-2023-35137, CVE-2023-37927, and CVE-2023-37928). These flaws could be used by attackers to gather system information and run commands. It is important to mention that both CVE-2023-37927 and CVE-2023-37928 require authentication.

The flaws impact the following models and versions :

NAS326 – versions V5.21(AAZF.14)C0 and earlier (Patched in V5.21(AAZF.15)C0)
NAS542 – versions V5.21(ABAG.11)C0 and earlier (Patched in V5.21(ABAG.12)C0)

The advisory warns about nine flaws found in firewall and access point versions sold by Taiwanese networking vendor. Some of these flaws could allow unauthorized access to system files and administrator logs, or cause a denial-of-service condition.