Zyxel has published a security advisory to warn users about security vulnerabilities (CVE-2022-0734, CVE-2022-26531, CVE-2022-26532, CVE-2022-0910) affecting its multiple products. A malicious actor could exploit these vulnerabilities to trigger information disclosure, cause a system crash, execute arbitrary OS commands and bypass an authentication. The vulnerabilities impact USG/ZyWALL, USG FLEX, ATP, VPN, NSG firewalls, NXC2500 and NXC5500 AP controllers, and a range of Access Point products, including models of the NAP, NWA, WAC, and WAX series.

Zyxel has released security updates to address these vulnerabilities in its products. More information on vulnerabilities and updates is available in Zyxel security advisory – zyxel.com.