Radware’s Firewall Fiasco: Vulnerabilities Fixed in 2023, But Communication Lags Behind

Radware has squashed vulnerabilities in its Cloud Web Application Firewall, but not before a game of “who’s on first?” ensued. CERT/CC revealed the issues, Radware clarified they’d already fixed them in 2023, and amidst the confusion, the reporter’s findings initially went unacknowledged. Cybersecurity: where clarity’s a feature, not a bug.

3P
Published: May 13, 2025 12:34 pmAdded: May 13, 2025 at 5:48 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Radware: The ghostbusters of vulnerabilities! They addressed those pesky little bugs even before we knew they were haunting our systems. Who you gonna call? Radware!

Key Points:

  • Radware’s Cloud WAF had vulnerabilities disclosed by CERT/CC on May 7, 2024.
  • The vulnerabilities, CVE-2024-56523 and CVE-2024-56524, were bypass methods for the firewall.
  • Radware claims they addressed these vulnerabilities in 2023, much like a cybersecurity time traveler.
  • Researcher Oriol Gegundez reported the vulnerabilities, but Radware was initially mum about it.
  • Radware assures customers that solutions were implemented, with a signature applied globally.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?