-
Zyxel security advisory for multiple vulnerabilities
CVE: CVE-2023-28769, CVE-2023-28770, CVE-2022-45440
Summary: Zyxel is aware of multiple vulnerabilities reported by our security consultancy partner, SEC Consult, and advises users to install the applicable firmware updates for optimal protection.
What are the vulnerabilities? There are eight vulnerabilities, identified as…
-
Zyxel security advisory for cleartext storage of information vulnerability
CVE: CVE-2021-35036
Summary: Zyxel is releasing patches addressing a cleartext storage of information vulnerability in its products. Users are advised to install the patches for optimal protection.
What is the vulnerability? The cleartext storage of information vulnerability is due to a CGI program lacking proper protection…
-
Zyxel security advisory for insufficient entropy vulnerability of GS1900 series switches
CVE: CVE-2022-34746
Summary: Zyxel has released patches for GS1900 series switches affected by an insufficient entropy vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability? An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy…
-
Zyxel security advisory for format string vulnerability in NAS
CVE: CVE-2022-34747
Summary: Zyxel has released patches for NAS products affected by a format string vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability? A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve…
-
Zyxel security advisory for buffer overflow vulnerability in Realtek eCos SDK
CVE: CVE-2022-27255
Summary: Zyxel is aware of a buffer overflow vulnerability in some versions of Realtek’s Software Development Kit (SDK) and assures customers that Zyxel products are NOT affected.
What is the vulnerability? A stack-based buffer overflow vulnerability was found in the SIP ALG module in some versions of…
-
Zyxel security advisory for LPE and authenticated directory traversal vulnerabilities of firewalls
CVE: CVE-2022-30526, CVE-2022-2030
Summary: Zyxel has released patches for products affected by local privilege escalation (LPE) and authenticated directory traversal vulnerabilities. Users are advised to install them for optimal protection.
What are the vulnerabilities? CVE-2022-30526: A privilege escalation vulnerability…
-
Zyxel security advisory for CRLF injection vulnerability in some legacy firewalls
Summary: Zyxel is aware of a CRLF injection vulnerability in legacy USG100, USG200, USG300, USG20W, USG20, and USG50 firewalls. Since all of the affected models have reached end-of-vulnerability-support, users are advised to replace them with newer-generation models for optimal protection.
What is the vulnerability? The…
-
Zyxel security advisory for password guessing vulnerability of GS1200 series switches
CVE: CVE-2022-0823
Summary: Zyxel is aware that GS1200 series switches are vulnerable to password-guessing attacks. Users are advised to install the applicable updates for optimal protection.
What is the vulnerability? An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a…
-
Zyxel security advisory for multiple vulnerabilities of firewalls, AP controllers, and APs
CVE: CVE-2022-0734, CVE-2022-26531, CVE-2022-26532, CVE-2022-0910
Summary: Zyxel is aware of multiple vulnerabilities reported by security consultancies and advises users to install the applicable firmware updates for optimal protection.
What is the vulnerability? CVE-2022-0734: A cross-site scripting vulnerability was…
-
Zyxel security advisory for DNSpooq
CVE: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687
Summary: Zyxel will release patches for products affected by the Dnsmasq vulnerabilities reported by CERT/CC. Users are advised to install the applicable firmware updates or…
-
Zyxel security advisory for OS command injection vulnerability of firewalls
CVE: CVE-2022-30525
Summary: Zyxel has released patches for an OS command injection vulnerability found by Rapid7 and urges users to install them for optimal protection.
What is the vulnerability? A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files…
-
Zyxel security advisory for local privilege escalation vulnerability of AP Configurator
CVE: CVE-2022-0556
Summary: Zyxel has released a patch addressing a local privilege escalation vulnerability in its AP Configurator. Users are advised to install it for optimal protection.
What is the vulnerability? A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of…
-
Zyxel security advisory for OS command injection and buffer overflow vulnerabilities of CPE and ONTs
CVE: CVE-2022-26413, CVE-2022-26414
Summary: Zyxel is aware of OS command injection and buffer overflow vulnerabilities affecting some CPE and ONT models. Users are advised to adopt the applicable firmware updates for optimal protection.
What is the vulnerability? CVE-2022-26413: A command injection vulnerability in the CGI…
-
Zyxel security advisory for authentication bypass vulnerability of firewalls
CVE: CVE-2022-0342
Summary: Zyxel has released patches for products affected by the authentication bypass vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability? An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the…
-
Zyxel security advisory for OS command injection vulnerability of NWA1100-NH access point
CVE: CVE-2021-4039
Summary: Zyxel has released a patch addressing an OS command injection vulnerability in the NWA1100-NH access point. Users are advised to install it for optimal protection.
What is the vulnerability? An OS command-injection vulnerability in the NWA1100-NH access point could allow an attacker to execute…
-
Zyxel security advisory for command injection and CSRF vulnerabilities of select Armor home routers
CVEs: CVE-2021-4029, CVE-2021-4030
Summary: Zyxel has released a patch addressing command injection and cross-site request forgery vulnerabilities in the Armor Z2 home router. Users are advised to install it for optimal protection.
What are the vulnerabilities? CVE-2021-4029: A command-injection vulnerability in the CGI…
-
Zyxel security advisory for insufficient session expiration and cleartext storage of sensitive
CVEs: CVE-2021-35034, CVE-2021-35035
Summary: Zyxel has released a patch addressing insufficient session expiration and cleartext storage of sensitive information vulnerabilities in the NBG6604 home router. Users are advised to install it for optimal protection.
What are the vulnerabilities? CVE-2021-35034: An insufficient…
-
Zyxel security advisory for Apache Log4j RCE vulnerability
CVE: CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105
Summary: Zyxel is aware of remote code execution (RCE) vulnerabilities in Apache Log4j and confirms that among all its product lines, ONLY NetAtlas Element Management System (EMS) is affected. Users are advised to install the applicable updates for optimal…
-
Zyxel security advisory for FragAttacks against WiFi products
CVE: CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588
Summary: Zyxel is aware of the FRagmentation and AGgregation Attacks against WiFi vulnerability (dubbed “FragAttacks”) and is…
-
Zyxel security advisory for directory traversal and command injection vulnerabilities of VPN2S
CVE: CVE-2021-35027, CVE-2021-35028
Summary: Zyxel has released a patch addressing directory traversal and command injection vulnerabilities in the VPN2S firewall. Users are advised to install it for optimal protection.
What is the vulnerability? A directory traversal vulnerability caused by specific character sequences…