Zyxel security advisory for command injection and CSRF vulnerabilities of select Armor home routers
Summary
Zyxel has released a patch addressing command injection and cross-site request forgery vulnerabilities in the Armor Z2 home router. Users are advised to install it for optimal protection.
What are the vulnerabilities?
A command-injection vulnerability in the CGI program of Armor Z1 and Z2 home routers could allow a local attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
A cross-site request forgery vulnerability in the HTTP daemon of Armor Z1 and Z2 home routers could allow an attacker to execute arbitrary commands if they coerce or trick a local user into visiting a compromised website with malicious scripts.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified only Armor Z2 as being within its warranty and support period, and have released a firmware patch to address these issues, as shown in the table below.
| Affected model | Patch availability |
| --- | --- |
| Armor Z2 (NBG6817) | V1.00(ABCS.11)C0 |
Armor Z1 (NBG6816) entered end of life years ago; therefore, firmware updates are no longer supported. We recommend that users of this model replace it with a newer-generation product, which typically comes with improved designs that better suit current applications.
Got a question or a tipoff?
Please contact your local service rep or comment below for further information or assistance.
Acknowledgment
Thanks to Exodus Intelligence for reporting the issues to us.
Revision history
2022-02-22: Initial release