Zyxel Firewall Vulnerability Exploited in Ransomware Attacks
A critical vulnerability in Zyxel firewalls is being exploited in ransomware attacks. CERT Germany and Zyxel have reported that the vulnerability, tracked as CVE-2024-11667, is being actively exploited to deploy Helldown ransomware, affecting at least five organizations in Germany. This directory traversal vulnerability in Zyxel’s ZLD firmware allows unauthorized file uploads and downloads, potentially compromising sensitive information and enabling further malicious activities. Affected devices include Zyxel ATP and USG FLEX series firewalls running specific firmware versions. Zyxel has released a patch (version 5.39) to address the issue, but organizations are advised to reset passwords, enhance network monitoring, disable non-essential services, and maintain regular offline backups to mitigate risks effectively.