Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

TWSL2011-004: Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall(1)

The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability identified in the ZyXEL ZyWALL 70 Firewall. The ZyXEL ZyWALL 70 Internet Security Appliance provides NAT, firewall andVPN capability, with the option of adding wireless capabilities. All ZyWALL 70 Firewalls come with a web management console which provides configuration to administrators.

The vulnerability was discovered by David Kirkpatrick, who is a member of the SpiderLabs EMEA Network Penetration Testing team. David discovered a way to perform a cross-site scripting attack on the web frontend. Utilizing this attack, an attacker can run illicit JavaScript on a victims machine if they can trick that victim to naviagating to a crafted URL. ZyXEL was very cooperative in releasing a patch, which is available for customers. In order to obtain the patch, customers should contact ZyXEL customer service, who will provide it. The specific patch which corrects this issue is  404WM4_db(0506).