Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability identified in the ZyXEL ZyWALL 70 Firewall. The ZyXEL ZyWALL 70 Internet Security Appliance provides NAT, firewall andVPN capability, with the option of adding wireless capabilities. All ZyWALL 70 Firewalls come with a web management console which provides configuration to administrators.
The vulnerability was discovered by David Kirkpatrick, who is a member of the SpiderLabs EMEA Network Penetration Testing team. David discovered a way to perform a cross-site scripting attack on the web frontend. Utilizing this attack, an attacker can run illicit JavaScript on a victims machine if they can trick that victim to naviagating to a crafted URL. ZyXEL was very cooperative in releasing a patch, which is available for customers. In order to obtain the patch, customers should contact ZyXEL customer service, who will provide it. The specific patch which corrects this issue is 404WM4_db(0506).
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.