{"type":"rich","version":"1.0","title":"zCat wrote","author_name":"zCat (npub1zm…5pnd6)","author_url":"https://yabu.me/npub1zm7jduqq2nmxz5wxh4ujtm00g9vxzqa0r82yt7flvm67yje5gfaqa5pnd6","provider_name":"njump","provider_url":"https://yabu.me","html":"CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks\n\nThe US cybersecurity agency CISA on Tuesday warned that a path traversal vulnerability in multiple Zyxel firewall appliances has been exploited in the wild.\n\nThe issue, tracked as CVE-2024-11667 (CVSS score of 7.5), is a high-severity flaw affecting the web management interface of Zyxel ATP, USG FLEX, and USG20(W)-VPN series devices.\n\nSuccessful exploitation of the security defect could allow an attacker to download or upload files using crafted URLs, a NIST advisory reads.\n\n“An attacker may gain unauthorized access to the system, steal credentials, and create backdoor VPN connections by exploiting the vulnerability,” Qualys warned on Tuesday.\n\nSee more: https://www.securityweek.com/cisa-warns-of-zyxel-firewall-vulnerability-exploited-in-attacks/\n\n#cybersecurity #zyxel #exploit"}