CyberSecurityBoard
Sponsor Register Login

Zyxel Authorization Bypass Vulnerability Exposes Devices to Unauthorized Access

A critical authorization bypass vulnerability has been discovered in Zyxel network devices, allowing attackers to gain unauthorized access and potentially control affected systems. This security flaw impacts multiple Zyxel products, exposing them to risks such as data breaches, network infiltration, and further exploitation by malicious actors. The vulnerability arises from improper access control mechanisms, enabling attackers to bypass authentication and execute commands remotely. Zyxel has released security advisories urging users to update their firmware immediately to mitigate the threat. Cybersecurity professionals recommend network administrators to apply patches promptly, monitor network traffic for suspicious activities, and implement additional security layers to protect their infrastructure. This incident underscores the importance of regular vulnerability assessments and timely patch management in safeguarding network devices against evolving cyber threats. Staying informed about such vulnerabilities and adopting proactive security measures are crucial steps in maintaining robust defense postures in today's threat landscape.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 22 Oct 2025 08:00:13 +0000


Cyber News related to Zyxel Authorization Bypass Vulnerability Exposes Devices to Unauthorized Access

CVE-2020-9054 - Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ...
5 years ago
Zyxel warns of multiple critical vulnerabilities in NAS devices - Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage devices. Zyxel NAS systems are used for storing data ...
2 years ago Bleepingcomputer.com CVE-2023-35137 CVE-2023-35138
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
4 years ago
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
10 months ago Cybersecuritynews.com
Zyxel Authorization Bypass Vulnerability Exposes Devices to Unauthorized Access - A critical authorization bypass vulnerability has been discovered in Zyxel network devices, allowing attackers to gain unauthorized access and potentially control affected systems. This security flaw impacts multiple Zyxel products, exposing them to ...
3 months ago Cybersecuritynews.com CVE-2023-28808
From Implicit to Authorization Code With PKCE, BFF - Lack of Refresh Token Support occurs when there are no refresh tokens, and frequent requests for new tokens are necessary, increasing the chances of token leakage and misuse. The Implicit Flow had several security vulnerabilities, such as token ...
1 year ago Feeds.dzone.com
Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks - PRESS RELEASE. NEW YORK and ORLANDO, Fla., March 12, 2024/PRNewswire/ -Claroty, the cyber-physical systems protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical ...
1 year ago Darkreading.com
IoT Security for Business: Safeguarding Connected Devices - In this discussion, we will explore the significance of IoT security for businesses and effective strategies for safeguarding connected devices. With the increasing number of connected devices in business environments, the need for effective IoT ...
2 years ago Securityzap.com
Cisco Defense Orchestrator's Path to FedRAMP Authorization - Today I'd like to shed some light on the status and processes involved for one of these solutions as it moves forward on achieving FedRAMP® Authorization-Cisco Defense Orchestrator. Moving forward on FedRAMP. Cisco has made great progress in moving ...
1 year ago Feedpress.me
IoT Security: Safeguarding Business IoT Devices - The security of IoT devices is of utmost importance as businesses increasingly rely on them to streamline operations and enhance productivity. In this discussion, we will explore the importance of IoT security in safeguarding business IoT devices and ...
1 year ago Securityzap.com
Why BYOD Is the Favored Ransomware Backdoor - These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Microsoft's fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from ...
2 years ago Esecurityplanet.com
BadBox malware disrupted on 500K infected Android devices - The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. HUMAN says it also discovered 24 Android apps in the official app store, ...
11 months ago Bleepingcomputer.com
Russian Hackers Likely Not Involved in Attacks on Denmark's Critical Infrastructure - Russian state-sponsored APT actor Sandworm might have not been involved in last year's massive attack campaign against Denmark's critical infrastructure, cybersecurity firm Forescout says. The assaults occurred in May 2023 and resulted in the ...
2 years ago Securityweek.com CVE-2023-28771 CVE-2023-33009 CVE-2023-33010 CVE-2023-27881
The key to connected care excellence - Antoinette Hodes is a Global Solutions Architect, specializing in IoT, and serves as an Evangelist with the Check Point Office of the CTO. She has worked as an engineer in IT for over 25 years and is an experienced security solutions architect in the ...
2 years ago Blog.checkpoint.com
Zyxel unveils new cloud-managed switches for small businesses and professional home users - Zyxel Networks launched the XMG1915 series - a family of smart managed switches designed to provide small businesses and professional home users with the throughput and versatility needed to support today's high bandwidth applications and services. ...
2 years ago Helpnetsecurity.com
Webex announces comprehensive Device Management Capabilities with Phonism integration - Webex is excited to announce a comprehensive solution for 3rd party Device Management referred to as 'Partner Managed Devices. ' Partner Managed Devices allows Webex Cloud Calling offers to support a flexible Device Management strategy. With this ...
2 years ago Feedpress.me
IoT Security in the Age of Cyber Threats - These vast neural networks enable IoT devices to seamlessly connect the mundane and the sophisticated into the digital fabric of the internet. This range of devices includes everything right from kitchen appliances and industrial machinery to smart ...
2 years ago Feeds.dzone.com
CMDB: Device Visibility for Bank Security - Let us see how a device visibility and control software functions to automatically alert when a rogue or unauthorized device enters your network. Device visibility and control is a cybersecurity concept that refers to the ability to discover, ...
2 years ago Feeds.dzone.com
Move Over, APTs: Common Cybercriminals Begin Critical Infrastructure Targeting - According to an analysis from Forescout Research, Vedere Labs this week, one of two previously reported attacks against the Danish energy sector in May was mistakenly attributed to Sandworm. Mass Exploitation of CVE-2023-27881 in Zyxel Firewalls At ...
2 years ago Darkreading.com CVE-2023-27881
The Evolution of Authorization Controls: Exploring PBAC and Its Benefits - There has been a substantial trend toward improvement of authorization capabilities and controls. Policy Based Access Control provided by advanced authorization and access control system is progressively displacing more basic and traditional ...
2 years ago Cybersecurity-insiders.com
Definition from TechTarget - BYOD is a policy that enables employees in an organization to use their personally owned devices for work-related activities. Smartphones are the most common mobile device an employee might take to work, but they also take their own tablets, laptops ...
2 years ago Techtarget.com
Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs - Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. Among the vulnerabilities highlighted, Broken Object Level Authorization stands out as a top priority and a major ...
1 year ago Imperva.com
Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication - “An SSH tunnel with port forwarding exposes the database service to external access, creating a direct communication channel with the database from a remote system,” explains the researcher. “By leveraging this capability, I was ...
9 months ago Cybersecuritynews.com
Coming Soon to a Network Near You: More Shadow IoT - News of former Microsoft head of product Panos Panay's exit caused a small stir in the tech industry when it was learned he would join Amazon to lead that company's product division. Precisely what Amazon and Panay have in mind for that ecosystem has ...
2 years ago Securityweek.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)