TWSL2011-004: Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall

The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability identified in the ZyXEL ZyWALL 70 Firewall. The ZyXEL ZyWALL 70 Internet Security Appliance provides NAT, firewall andVPN capability, with the option of adding wireless capabilities. All ZyWALL 70 Firewalls come with a web management console which provides configuration to administrators.

The vulnerability was discovered by David Kirkpatrick, who is a member of the SpiderLabs EMEA Network Penetration Testing team. David discovered a way to perform a cross-site scripting attack on the web frontend. Utilizing this attack, an attacker can run illicit JavaScript on a victims machine if they can trick that victim to naviagating to a crafted URL. ZyXEL was very cooperative in releasing a patch, which is available for customers. In order to obtain the patch, customers should contact ZyXEL customer service, who will provide it. The specific patch which corrects this issue is  404WM4_db(0506).

For further details, please view the full advisory at the following address:

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.