In an advisory, the company said it had deployed a hotfix for all supported versions of CROS from 4 December onwards.
"Customers can further protect themselves by ensuring their Web Admin and SSH access is not exposed to WAN," the company advised.
Sophos said all CROS devices which had over-the-air updates turned on would automatically receive the new code. Others would need to manually turn on the required setting to receive it. Instructions for users have been provided on its support site.
It added that XG Firewall and SG UTM devices were not affected.
"We've been phasing out Cyberoam devices since early 2019, and recommend users update to XG Firewall," the company said. "An easy upgrade path is available that allows Cyberoam users to upgrade their software free of charge."