29 July 2021
Spike Reply recently supported Zyxel, a leader in delivering secure AI and cloud-powered business and home networking solutions, in tracking the threat actors targeting their network security appliances.
Zyxel has been collaborating with Spike Reply to track the threat actors’ activity and protect Zyxel customers against possible attack attempts.
As a result of its investigations, Spike Reply Cyber Security team identified a serious vulnerability that may have allowed attackers to bypass existing authentication measures protecting the web-based management interface, access vulnerable devices and execute arbitrary commands (CVE-2021-35029). Zyxel promptly released firmware patches for all the affected products.
Additional details are available in a dedicated Zyxel security advisory: here