From thehackernews.com
Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution.
“A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device,” the company said in an advisory published Thursday.
Cybersecurity firm Rapid7, which discovered and reported the flaw on April 13, 2022, said that the weakness could permit a remote unauthenticated adversary to execute code as the “nobody” user on impacted appliances.