Thu, 27 Feb 2020 21:39:17 +0100 
Had to administrate a ZyWALL at an external data centre until a year ago. It was never a device I was very comfortable with, but not the worst I have seen. This vulnerability is quite embarrassing.

#^Patch now! Zero-day exploit for Zyxel firewalls and NAS in circulation

Attackers could completely take over some Zyxel network storage devices and firewalls directly over the internet with comparatively little effort.

#^Zyxel security advisory for the remote code execution vulnerability of NAS and firewall products
Zyxel NAS (Network Attached Storage) and firewall products are affected by a remote code execution vulnerability. Users are advised to install the hotfixes or follow the workaround immediately for optimal protection.

#^ZyXEL pre-authentication command injection in weblogin.cgi
Block access to the ZyXEL device web interface
This issue can be mitigated by blocking (for example with a firewall) access to the web interface (80/tcp and 443/tcp) of any vulnerable ZyXEL device. Any machine that can access the ZyXEL web interface should not also be able to access the internet.
Of course the access to the web interface was restricted by IP filter, but how is this supposed to work when my machine should not also be able to access the internet? :confused