Jason
Zyxel security advisory for OS command injection and buffer overflow vulnerabilities of CPE and ONTs
Options
Zyxel_Jason
Posts: 395 
Zyxel Employee
Zyxel Employee
CVE: CVE-2022-26413, CVE-2022-26414
Summary
Zyxel is aware of OS command injection and buffer overflow vulnerabilities affecting some CPE and ONT models. Users are advised to adopt the applicable firmware updates for optimal protection.
What is the vulnerability?
A command injection vulnerability in the CGI program of VMG3312-T20A could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
A buffer overflow vulnerability was identified in some internal functions of VMG3312-T20A due to a lack of input validation and boundary verification.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the affected products that are within their vulnerability support period, as shown in the table below. We encourage users to install the applicable updates for optimal protection.
The model mentioned in the CVE description, VMG3312-T20A, entered end-of-life years previously. Therefore, firmware updates are no longer supported. We recommend that users with this model replace it with a newer-generation product, which typically come with improved designs that better suit current applications.
Note that the table below does NOT include customized models for internet service providers (ISPs). For ISPs, please contact your Zyxel sales or service representatives for further details. For users who purchased the listed devices on their own, please contact your local Zyxel support team for the new firmware file to ensure optimal protection.
|
Product |
Model |
Patch availability* |
|
DSL/Ethernet CPE |
EMG3525-T50B |
EMEA:
V5.50(ABPM.6)C0 |
|
EMG5523-T50B |
EMEA:
V5.50(ABPM.6)C0 |
|
|
EMG5723-T50K |
V5.50(ABOM.7)C0 |
|
|
EMG6726-B10A |
V5.13(ABNP.7)C0 in Jun. 2022 |
|
|
VMG1312-T20B |
V5.30(ABSB.5)C0 |
|
|
VMG3625-T50B |
V5.50(ABPM.6)C0 |
|
|
VMG3927-B50A |
V5.17(ABMT.6)C0 |
|
|
VMG3927-B50B |
V5.13(ABLY.7)C0 in Jun. 2022 |
|
|
VMG3927-B60A |
V5.17(ABMT.6)C0 |
|
|
VMG3927-T50K |
V5.50(ABOM.7)C0 |
|
|
VMG4927-B50A |
V5.13(ABLY.7)C0 in Jun. 2022 |
|
|
VMG8623-T50B |
V5.50(ABPM.6)C0 |
|
|
VMG8825-B50A |
V5.17(ABMT.6)C0 |
|
|
VMG8825-B50B |
V5.17(ABNY.7)C0 |
|
|
VMG8825-T50K |
V5.50(ABOM.7)C0 |
|
|
VMG8825-B60A |
V5.17(ABMT.6)C0 |
|
|
VMG8825-B60B |
V5.17(ABNY.7)C0 |
|
|
XMG3927-B50A |
V5.17(ABMT.6)C0 |
|
|
XMG8825-B50A |
V5.17(ABMT.6)C0 |
|
|
DX5401-B0 |
V5.17(ABYO.1)C0 |
|
|
EX3510-B0 |
V5.17(ABUP.4)C1 |
|
|
EX5401-B0 |
V5.17(ABYO.1)C0 |
|
|
EX5501-B0 |
V5.17(ABRY.2)C0 |
|
|
Fiber ONT |
AX7501-B0 |
V5.17(ABPC.1)C0 |
|
EP240P |
V5.40(ABVH.0)C0 |
|
|
PM7300-T0 |
V5.42(ACBC.1)C0 |
|
|
PMG5317-T20B |
V5.40(ABKI.4)C0 |
|
|
PMG5617GA |
V5.40(ABNA.2)C0 |
|
|
PMG5617-T20B2 |
V5.41(ACBB.1)C0 |
|
|
PMG5622GA |
V5.40(ABNB.2)C0 |
|
|
PX7501-B0 |
V5.17(ABPC.1)C0 |
*Please reach out to your local Zyxel support team for the file.
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Acknowledgments
Thanks to Martin Petran from Accenture for reporting the issues to us.
Revision history
2022-04-12: Initial release
2022-04-21: Updated the patch firmware version of VMG1312-T20B
0
Categories
- All Categories
- 383 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 75 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 887 Nebula FAQ
- 415 Security FAQ
- 231 Switch FAQ
- 201 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight