Zyxel Security Advisory for WiFi Simple Config Buffer Overflow Vulnerabilities
Zyxel Employee
CVE: CVE-2021-35392, CVE-2021-35393
Summary
Zyxel is aware of two buffer overflow vulnerabilities in the WiFi Simple Config of Realtek’s Software Development Kit (SDK) for WiFi products and will release patch for the vulnerable product on the market. Users are advised to install the applicable firmware update for optimal protection.
What are the vulnerabilities?
The first vulnerability is a stack buffer overflow that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. The second vulnerability is a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified one vulnerable product that is within its warranty and support period and will release firmware patch to address the issues, as shown in the table below.
| Affected model | Patch availability |
|---|---|
| WAP6804 | V1.00 (ABKH.9)C0 in end of Oct. 2021* |
| NBG6615 | V1.00(ABMV.6)C0 in middle of Nov. 2021 |
| NBG-418N v2 | V1.00(AARP.11)C0 in end of Nov. 2021 |
| WAP3205 v3 | V2.00(ABDM.5)C0 in end of Nov. 2021 |
*Please reach out to your local Zyxel support team for the file.
Please note that the P-330W, X150N, NBG-2105, NBG-416N, and NBG-418N models mentioned in a report by IoT Inspector entered end-of-life years previously; therefore, firmware updates are no longer provided for them. We recommend that users with these models replace them with newer-generations products, which typically come with improved designs that better suit current applications.
Got a question or a tipoff?
Please contact your local service rep or comment as below for further information or assistance.
Acknowledgment
Thanks to IoT Inspector GmbH for reporting the issues to us.
Revision history
2021-8-16: Initial release
2021-8-26: Adjusted the patch plan of WAP6804, and added NBG6615 to the affected model list
2021-9-16: Added NBG-418N v2 and WAP3205 v3 to the affected model list
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight