-
Zyxel security advisory for cleartext storage of WiFi credentials and improper symbolic links of ...
Zyxel security advisory for cleartext storage of WiFi credentials and improper symbolic links of FTP for AX7501-B0 CPE CVE: CVE-2022-45439, CVE-2022-45440 Summary Zyxel has released a patch addressing the cleartext storage of WiFi credentials and improper FTP symbolic links in the AX7501-B0 CPE, and advises users to…
-
Zyxel security advisory for DNS misconfiguration in NBG7510 home router
CVE: CVE-2022-38546 Summary Zyxel has released a patch addressing a DNS misconfiguration in the NBG7510 home router. Users are advised to install the applicable update for optimal protection. What is the vulnerability? A DNS misconfiguration in Zyxel’s NBG7510 could allow an unauthenticated attacker to perform DNS-related…
-
Zyxel security advisory for XSS vulnerability in firewalls
CVE: CVE-2022-40603 Summary Zyxel has released patches for some firewalls affected by a reflected cross-site scripting (XSS) vulnerability. Users are advised to install them for optimal protection. What is the vulnerability? A reflected XSS vulnerability in the CGI program of some firewall versions could allow an attacker…
-
Zyxel security advisory for pre-configured password vulnerability of LTE3301-M209
CVE: CVE-2022-40602 Summary Zyxel has released a patch for its LTE indoor router LTE3301-M209 to address a pre-configured password vulnerability. Users are advised to install the patch for optimal protection. What is the vulnerability? A flaw in the previous LTE3301-M209 firmware could allow a remote attacker to access the…
-
Zyxel security advisory for multiple vulnerabilities
CVE: CVE-2023-28769, CVE-2023-28770, CVE-2022-45440 Summary Zyxel is aware of multiple vulnerabilities reported by our security consultancy partner, SEC Consult, and advises users to install the applicable firmware updates for optimal protection. What are the vulnerabilities? There are eight vulnerabilities, identified as…
-
Zyxel security advisory for cleartext storage of information vulnerability
CVE: CVE-2021-35036 Summary Zyxel is releasing patches addressing a cleartext storage of information vulnerability in its products. Users are advised to install the patches for optimal protection. What is the vulnerability? The cleartext storage of information vulnerability is due to a CGI program lacking proper protection…
-
Zyxel security advisory for insufficient entropy vulnerability of GS1900 series switches
CVE: CVE-2022-34746 Summary Zyxel has released patches for GS1900 series switches affected by an insufficient entropy vulnerability. Users are advised to install them for optimal protection. What is the vulnerability? An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy…
-
Zyxel security advisory for format string vulnerability in NAS
CVE: CVE-2022-34747 Summary Zyxel has released patches for NAS products affected by a format string vulnerability. Users are advised to install them for optimal protection. What is the vulnerability? A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve…
-
Zyxel security advisory for buffer overflow vulnerability in Realtek eCos SDK
CVE: CVE-2022-27255 Summary Zyxel is aware of a buffer overflow vulnerability in some versions of Realtek’s Software Development Kit (SDK) and assures customers that Zyxel products are NOT affected. What is the vulnerability? A stack-based buffer overflow vulnerability was found in the SIP ALG module in some versions of…
-
Zyxel security advisory for LPE and authenticated directory traversal vulnerabilities of firewalls
CVE: CVE-2022-30526, CVE-2022-2030 Summary Zyxel has released patches for products affected by local privilege escalation (LPE) and authenticated directory traversal vulnerabilities. Users are advised to install them for optimal protection. What are the vulnerabilities? CVE-2022-30526 A privilege escalation vulnerability…
-
Zyxel security advisory for CRLF injection vulnerability in some legacy firewalls
Summary Zyxel is aware of a CRLF injection vulnerability in legacy USG100, USG200, USG300, USG20W, USG20, and USG50 firewalls. Since all of the affected models have reached end-of-vulnerability-support, users are advised to replace them with newer-generation models for optimal protection. What is the vulnerability? The…
-
Zyxel security advisory for password guessing vulnerability of GS1200 series switches
CVE: CVE-2022-0823 Summary Zyxel is aware that GS1200 series switches are vulnerable to password-guessing attacks. Users are advised to install the applicable updates for optimal protection. What is the vulnerability? An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a…
-
Zyxel security advisory for multiple vulnerabilities of firewalls, AP controllers, and APs
CVE: CVE-2022-0734, CVE-2022-26531, CVE-2022-26532, CVE-2022-0910 Summary Zyxel is aware of multiple vulnerabilities reported by security consultancies and advises users to install the applicable firmware updates for optimal protection. What is the vulnerability? CVE-2022-0734 A cross-site scripting vulnerability was…
-
Zyxel security advisory for DNSpooq
CVE: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687 Summary Zyxel will release patches for products affected by the Dnsmasq vulnerabilities reported by CERT/CC. Users are advised to install the applicable firmware updates or…
-
Zyxel security advisory for OS command injection vulnerability of firewalls
CVE: CVE-2022-30525 Summary Zyxel has released patches for an OS command injection vulnerability found by Rapid7 and urges users to install them for optimal protection. What is the vulnerability? A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files…
-
Zyxel security advisory for local privilege escalation vulnerability of AP Configurator
CVE: CVE-2022-0556 Summary Zyxel has released a patch addressing a local privilege escalation vulnerability in its AP Configurator. Users are advised to install it for optimal protection. What is the vulnerability? A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of…
-
Zyxel security advisory for OS command injection and buffer overflow vulnerabilities of CPE and ONTs
CVE: CVE-2022-26413, CVE-2022-26414 Summary Zyxel is aware of OS command injection and buffer overflow vulnerabilities affecting some CPE and ONT models. Users are advised to adopt the applicable firmware updates for optimal protection. What is the vulnerability? CVE-2022-26413 A command injection vulnerability in the CGI…
-
Zyxel security advisory for authentication bypass vulnerability of firewalls
CVE: CVE-2022-0342 Summary Zyxel has released patches for products affected by the authentication bypass vulnerability. Users are advised to install them for optimal protection. What is the vulnerability? An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the…
-
Zyxel security advisory for OS command injection vulnerability of NWA1100-NH access point
CVE: CVE-2021-4039 Summary Zyxel has released a patch addressing an OS command injection vulnerability in the NWA1100-NH access point. Users are advised to install it for optimal protection. What is the vulnerability? An OS command-injection vulnerability in the NWA1100-NH access point could allow an attacker to execute…
-
Zyxel security advisory for command injection and CSRF vulnerabilities of select Armor home routers
CVEs: CVE-2021-4029, CVE-2021-4030 Summary Zyxel has released a patch addressing command injection and cross-site request forgery vulnerabilities in the Armor Z2 home router. Users are advised to install it for optimal protection. What are the vulnerabilities? CVE-2021-4029 A command-injection vulnerability in the CGI…