-
Zyxel security advisory: protecting against recent firewall threats
Summary Zyxel is aware of recent attempts by threat actors to target Zyxel firewalls through previously disclosed vulnerabilities, as reported in Sekoia’s blog post. We confirm that the reported issues are not reproducible on firmware version 5.39, released on September 3, 2024. To safeguard devices, we have strongly urged…
-
Zyxel security advisory for post-authentication command injection and buffer overflow ...
Zyxel security advisory for post-authentication command injection and buffer overflow vulnerabilities in GS1900 series switches CVEs: CVE-2024-8881, CVE-2024-8882 Summary Zyxel has released patches for GS1900 series switches affected by post-authentication command injection and buffer overflow vulnerabilities. Users are…
-
Zyxel security advisory for insufficiently protected credentials vulnerability in firewalls
CVE: CVE-2024-9677 Summary Zyxel has released patches for USG FLEX H series firewalls affected by an insufficiently protected credentials vulnerability. Users are advised to install them for optimal protection. What is the vulnerability? The insufficiently protected credentials vulnerability in the CLI command of the USG…
-
Zyxel security advisory for post-authentication memory corruption vulnerabilities in some...
Zyxel security advisory for post-authentication memory corruption vulnerabilities in some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions CVEs: CVE-2024-38266, CVE-2024-38267, CVE-2024-38268, CVE-2024-38269 Summary Zyxel has released patches for some DSL/Ethernet CPE, fiber ONT, WiFi extender, and…
-
Zyxel security advisory for OS command injection vulnerability in NAS products
CVE: CVE-2024-6342 Summary Zyxel has released hotfixes addressing command injection vulnerability in two NAS products that have reached end-of-vulnerability-support. Users are advised to install the hotfixes for optimal protection. What is the vulnerability? CVE-2024-6342 **UNSUPPORTED WHEN ASSIGNED** A command injection…
-
Zyxel security advisory for insufficient entropy vulnerability for web authentication tokens...
Zyxel security advisory for insufficient entropy vulnerability for web authentication tokens generation in GS1900 series switches CVE: CVE-2024-38270 Summary Zyxel has released patches for GS1900 series switches affected by an insufficient entropy vulnerability. Users are advised to install them for optimal protection.…
-
Zyxel security advisory for OS command injection vulnerability in APs and security router devices
CVE: CVE-2024-7261 Summary Zyxel has released patches addressing an operating system (OS) command injection vulnerability in some access point (AP) and security router versions. Users are advised to install the patches for optimal protection. What is the vulnerability? The improper neutralization of special elements in the…
-
Zyxel security advisory for multiple vulnerabilities in firewalls
CVEs: CVE-2024-6343, CVE-2024-7203, CVE-2024-42057, CVE-2024-42058, CVE-2024-42059, CVE-2024-42060, CVE-2024-42061 Summary Zyxel has released patches addressing multiple vulnerabilities in some firewall versions. Users are advised to install the patches for optimal protection. What are the vulnerabilities? CVE-2024-6343 A…
-
Zyxel security advisory for buffer overflow vulnerability in some ...
Zyxel security advisory for buffer overflow vulnerability in some 5G NR CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices CVE: CVE-2024-5412 Summary Zyxel has released patches for some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices affected by a buffer…
-
Zyxel security advisory for buffer overflow vulnerability in 4G LTE and 5G NR outdoor routers
CVE: CVE-2023-27989 Summary Zyxel has released patches for some 4G LTE and 5G NR outdoor routers affected by a buffer overflow vulnerability. Users are advised to install them for optimal protection. What are the vulnerabilities? A buffer overflow vulnerability in the CGI program of some Zyxel 4G LTE and 5G NR outdoor…
-
Zyxel security advisory for improper privilege management vulnerability in APs
CVE: CVE-2024-1575 Summary Zyxel has released patches addressing an improper privilege management vulnerability in some access point (AP) versions. Users are advised to install the patches for optimal protection. What is the vulnerability? The improper privilege management vulnerability in some Zyxel AP versions could…
-
Zyxel security advisory for multiple vulnerabilities in NAS products
CVEs: CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, CVE-2024-29976 Summary Zyxel has released patches addressing command injection and remote code execution vulnerabilities in two NAS products that have reached end-of-vulnerability-support. Users are advised to install them for optimal protection. What…
-
Zyxel security advisory for buffer overflow vulnerabilities in some 5G NR/4G LTE CPE, ...
Zyxel security advisory for buffer overflow vulnerabilities in some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices CVEs: CVE-2023-37929, CVE-2024-0816 Summary Zyxel has released patches for some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices…
-
Zyxel security advisory for OS command injection vulnerabilities of GS1900/XGS1210/XGS1250
CVE: CVE-2021-35031, CVE-2021-35032 Summary Zyxel has released patches addressing OS command injection vulnerabilities in the GS1900, XGS1210, and XGS1250 series of switches. Users are advised to install the applicable firmware updates for optimal protection. What are the vulnerabilities? CVE-2021-35031 An OS command…
-
Zyxel security advisory for multiple vulnerabilities in firewalls and APs
CVEs: CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, and CVE-2023-6764 Summary Zyxel has released patches addressing multiple vulnerabilities in some firewall and access point (AP) versions. Users are advised to install the patches for optimal protection. What are the vulnerabilities? CVE-2023-6397 A null pointer dereference…
-
Zyxel security advisory for post-authentication command injection vulnerability in NAS products
CVE: CVE-2023-5372 Summary Zyxel has released patches addressing a post-authentication command injection vulnerability in some NAS versions. Users are advised to install them for optimal protection. What is the vulnerability? The post-authentication command injection vulnerability in some Zyxel NAS devices could allow an…
-
Zyxel security advisory for command injection & buffer overflow of CPE, fiber ONTs, & WiFi extenders
CVE: CVE-2022-43389, CVE-2022-43390, CVE-2022-43391, CVE-2022-43392 Summary Zyxel is aware of multiple vulnerabilities reported by Positive Technologies and advises users to install the applicable firmware updates for optimal protection. What are the vulnerabilities? CVE-2022-43389 A buffer overflow vulnerability in the…
-
Zyxel security advisory for authentication bypass and command injection vulnerabilities in NAS ...
Zyxel security advisory for authentication bypass and command injection vulnerabilities in NAS products CVEs: CVE-2023-35137, CVE-2023-35138, CVE-2023-37927, CVE-2023-37928, CVE-2023-4473, CVE-2023-4474 Summary Zyxel has released patches addressing an authentication bypass vulnerability and command injection…
-
Zyxel security advisory for multiple vulnerabilities in firewalls and APs
Summary Zyxel has released patches addressing multiple vulnerabilities in some firewall and access point (AP) versions. Users are advised to install the patches for optimal protection. What are the vulnerabilities? CVE-2023-35136 An improper input validation vulnerability in the “Quagga” package of some firewall versions…
-
Zyxel security advisory for out-of-bounds write vulnerability in SecuExtender...
Zyxel security advisory for out-of-bounds write vulnerability in SecuExtender SSL VPN Client software CVE: CVE-2023-5593 Summary Zyxel has released patches for the Windows-based SecuExtender SSL VPN Client software affected by an out-of-bounds write vulnerability. Users are advised to install them for optimal protection.…