bitevasup.blogg.se

Nas325 zyxel firmware update













A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned. Users are advised to implement the provided firmware updates to plug the security holes exploited by the botmasters or, if they can’t, to stop using the devices altogether or to put them behind network firewalls.

According to Palo Alto Networks’ Unit 42, botmasters using a new Mirai strain dubbed Mukashi are exploiting CVE-2020-9054, a pre-authentication command injection flaw, to compromise and “zombify” network-attached storage devices, firewalls, business VPN firewalls and unified security gateways.

CVE-2020-9054 is considered to be a critical vulnerability as it can be exploited by a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Data loss is preprogrammed: A zero-day exploit (CVE-2020-9054) in hardware from the NAS manufacturer Zyxel allows cyber attacks with 'remote code execution'.

The vulnerability was fixed in late February and Zyxel has provided firmware updates for the following affected devices that are still supported:

  • Network-attached storage devices (NAS326, NAS520, NAS540, NAS542).

“Owners of NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 as well as some other ZyXEL devices may not be able to install firmware updates, as these devices are no longer supported,” CERT/CC warned.

“Be cautious when updating firmware on affected devices, as the ZyXEL firmware upgrade process both uses an insecure channel (FTP) for retrieving updates, and the firmware files are only verified by checksum rather than cryptographic signature. For these reasons, any attacker that has control of DNS or IP routing may be able to cause a malicious firmware to be installed on a ZyXEL device.”

Users of the affected hardware should immediately install the provided hotfixes and firmware updates. Workarounds available for those who can’t update the firmware include:

  • Blocking access to the web interface (80/tcp and 443/tcp) of any vulnerable ZyXEL device.
  • Restricting access to vulnerable devices (i.e., not exposing them on the internet).

“Note however, that it is still possible for attackers to exploit devices that are not directly connected to the internet. For example, by way of viewing a web page,” CERT/CC added.

LILIN digital video recorders (DVRs) and IP cameras have been under attack for months, by botmasters of the Chalubo, FBot and Moobot botnets, say researchers from Qihoo 360’s Netlab team. They are exploiting a number of security flaws, including hard-coded login credentials, command injection (via NTP and FTP) and arbitrary file reading vulnerabilities.

According to the researchers, firmware running on a dozen LILIN devices is affected:

  • DVRs (LILIN DHD516A, LILIN DHD508A, LILIN DHD504A, LILIN DHD316A, LILIN DHD308A, LILIN DHD304A).
  • IP cameras (LILIN DHD204, LILIN DHD204A, LILIN DHD208, LILIN DHD208A, LILIN DHD216, LILIN DHD216A).

The manufacturer has released firmware that fixes the flaws (2.0b60_20200207) back in February.

Users of all the affected devices, both Zyxel’s and LILIN’s, are advised to update their device firmware or implement available workarounds.













