Zyxel Firewalls: Attackers can execute system commands

A security update protects certain Zyxel firewalls from potential attacks. However, the vulnerability is not easy to exploit.

If attackers successfully exploit a security vulnerability in the ZLD firmware of certain Zyxel firewalls, they can execute system-level commands and likely compromise devices. A security update eliminates the danger.

According to a security advisory, firewalls from the ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series running ZLD firmware versions V5.35 up to and including V5.41 are vulnerable. The developers state that the firmware from V5.42 onwards has been secured.

The vulnerability lies in the Dynamic DNS (DDNS) configuration command of the command-line interface (CLI). To exploit it with crafted commands, attackers must already possess administrative privileges. Despite this comparatively high barrier, the vulnerability (CVE-2025-11730) is classified with a threat level of "high". So far, Zyxel has not issued a warning about ongoing attacks. However, administrators should not delay patching for too long.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.