-
Zyxel security advisory for insufficient session expiration and cleartext storage of sensitive
CVEs: CVE-2021-35034, CVE-2021-35035 Summary Zyxel has released a patch addressing insufficient session expiration and cleartext storage of sensitive information vulnerabilities in the NBG6604 home router. Users are advised to install it for optimal protection. What are the vulnerabilities? CVE-2021-35034 An insufficient…
-
Zyxel security advisory for Apache Log4j RCE vulnerability
CVE: CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105 Summary Zyxel is aware of remote code execution (RCE) vulnerabilities in Apache Log4j and confirms that among all its product lines, ONLY NetAtlas Element Management System (EMS) is affected. Users are advised to install the applicable updates for optimal…
-
Zyxel security advisory for FragAttacks against WiFi products
CVE: CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588 Summary Zyxel is aware of the FRagmentation and AGgregation Attacks against WiFi vulnerability (dubbed “FragAttacks”) and is…
-
Zyxel security advisory for directory traversal and command injection vulnerabilities of VPN2S
CVE: CVE-2021-35027, CVE-2021-35028 Summary Zyxel has released a patch addressing directory traversal and command injection vulnerabilities in the VPN2S firewall. Users are advised to install it for optimal protection. What is the vulnerability? A directory traversal vulnerability caused by specific character sequences…
-
Zyxel Security Advisory for WiFi Simple Config Buffer Overflow Vulnerabilities
CVE: CVE-2021-35392, CVE-2021-35393 Summary Zyxel is aware of two buffer overflow vulnerabilities in the WiFi Simple Config of Realtek’s Software Development Kit (SDK) for WiFi products and will release a patch for the vulnerable product on the market. Users are advised to install the applicable firmware update for optimal…
-
Zyxel security advisory for XSS vulnerability of GS1900 series switches
CVE: CVE-2021-35030 Summary Zyxel has released patches addressing a cross-site scripting (XSS) vulnerability in the GS1900 series of switches. Users are advised to install the applicable firmware updates for optimal protection. What is the vulnerability? An XSS vulnerability was identified in Zyxel’s GS1900 series of…
-
Zyxel security advisory for attacks against security appliances
Summary Zyxel has been tracking the recent activity of threat actors targeting Zyxel security appliances and has released firmware patches to defend against it. Users are advised to install the patches for optimal protection. What is the issue? Based on our…
-
Zyxel security advisory for CGI vulnerability of LTE
CVE: CVE-2020-28899 Summary Zyxel has released LTE router patches addressing a common gateway interface (CGI) vulnerability. Users are advised to install the applicable firmware updates for optimal protection. What is the vulnerability? A CGI script vulnerability arising…
-
Zyxel security advisory for insecure folder permissions of ZON Utility
CVE: CVE-2020-27667 Summary Zyxel has released a patch for the incorrect folder permission vulnerability of Zyxel One Network (ZON) Utility recently reported by researchers from ECSC Group UK. Users are advised to install the latest software version for…
-
What you should know about CVE-2020-29583 and actions to take to mitigate the risk!
Regarding the recent report of the CVE-2020-29583 case affecting Zyxel firewalls and AP controllers, Zyxel was aware of the situation on November 30, 2020 and immediately started the investigation for the complete product lines and provided the hotfix for firewalls on December 3, 2020. Some users may still have questions…
-
Zyxel security advisory for hardcoded credential vulnerability
CVE: CVE-2020-29583 Summary Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers recently reported by researchers from EYE Netherlands. Users are advised to install the applicable firmware updates for optimal…
-
Zyxel security advisory for command injection vulnerability of firewalls
CVE: CVE-2020-29299 Summary Zyxel has released updates for a command injection vulnerability recently reported by Chaitin Security Research Lab. Users are advised to install the updates for optimal protection. What is the vulnerability? A command…
-
Zyxel security advisory for buffer overflow vulnerability
CVE: CVE-2020-25014 Summary Zyxel has released updates for a buffer overflow vulnerability affecting firewalls and access points. Users are advised to install the updates for optimal protection. What is the vulnerability? A buffer overflow vulnerability was identified in the “fbwifi_continue” CGI program due to a lack of…
-
Zyxel security advisory for command injection vulnerability of firewalls
Summary Zyxel has released updates for a command injection vulnerability recently reported by Chaitin Security Research Lab. Users are advised to install the updates for optimal protection. What is the vulnerability? A command injection vulnerability was identified in the “chg_exp_pwd” CGI program on some Zyxel security…
-
Zyxel security advisory for the remote code execution vulnerability of NAS and firewall products
Summary Zyxel NAS (Network Attached Storage) and firewall products are affected by a remote code execution vulnerability. Users are advised to install the standard firmware patches or follow the workaround immediately for optimal protection. For more information, please refer to the link below:…
-
Zyxel security advisory for GS1900 switch vulnerabilities
CVE: CVE-2019-15799; CVE-2019-15800; CVE-2019-15801; CVE-2019-15802; CVE-2019-15803; CVE-2019-15804 Summary Zyxel has released firmware updates for recently discovered vulnerabilities of the GS1900 switches and urges users to install them immediately for optimal protection. What is the vulnerability? Zyxel GS1900 series…
-
Zyxel security advisory for hardcoded FTP credential vulnerability of access points
Summary Zyxel access points are affected by a hardcoded FTP credential vulnerability. Users are advised to upgrade to the latest available firmware for optimal protection. For more information, please refer to the link below: https://www.zyxel.com/support/hardcoded-FTP-credential-vulnerability-of-access-points.shtml
-
Zyxel security advisory for Web CGI vulnerability of gateways and access point controllers
Summary Zyxel gateways and access point controllers are affected by a Web CGI vulnerability. Users are advised to upgrade to the latest available firmware or hotfix for optimal protection. For more information, please refer to the link below:…
-
Zyxel security advisory for Web CGI vulnerability of gateways and access point controllers
Summary Zyxel gateways and access point controllers are affected by a Web CGI vulnerability. Users are advised to upgrade to the latest available firmware or hotfix for optimal protection. For more information, please refer to the link below:…
-
Zyxel security advisory for buffer overflow vulnerabilities of GS1900 switches
Summary: Zyxel’s GS1900 series switches are susceptible to buffer overflow vulnerabilities that could possibly allow device takeover without requiring credentials. Users are urged to upgrade immediately to the latest available firmware for optimal protection. For more information, please refer to the link below:…