Zyxel security advisory for local privilege escalation vulnerability of AP Configurator

Zyxel_Jason

CVE: CVE-2022-0556

Summary

Zyxel has released a patch addressing a local privilege escalation vulnerability in its AP Configurator. Users are advised to install it for optimal protection.

What is the vulnerability?

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) could allow an attacker to execute arbitrary code in a specific directory on the local system.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve confirmed that only ZAC is affected and have released a patch to address the issue, as shown in the table below.


Affected model | Patch availability
ZAC            | V1.1.5


Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgments

Thanks to Trend Micro's Zero Day Initiative for reporting the issue to us.

Revision history

2022-04-12: Initial release

Jason

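A defender-side check for the weakness class described under "What is the vulnerability?", added here as an example and not taken from Zyxel's advisory or patch: it lists directory ACL entries that grant write-type rights to broad non-administrative groups. It assumes a Windows installation; the `$InstallDir` value is a placeholder and `Get-WeakDirectoryAce` is a hypothetical helper name, since the advisory does not name the affected directories.

```powershell
# Added example: audit a directory tree for ACL entries that let low-privileged
# principals write. $InstallDir is a placeholder; the advisory names no path.
param(
    [string]$InstallDir = 'C:\PLACEHOLDER\ZAC-install-directory'
)

# Well-known SIDs of broad, non-administrative groups (locale-independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow planting or replacing files, or loosening the ACL itself.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE / GENERIC_ALL bits, which can appear on inherit-only entries.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-WeakDirectoryAce {
    param([Parameter(Mandatory)][string]$Root)

    # The root itself plus every subdirectory, including hidden ones.
    $dirs = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        $acl   = Get-Acl -LiteralPath $dir.FullName
        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow' -or -not $BroadSids.ContainsKey($sid)) { continue }
            $raw = [int]$rule.FileSystemRights
            if ((($raw -band $WriteMask) -ne 0) -or (($raw -band $GenericMask) -ne 0)) {
                [pscustomobject]@{
                    Directory = $dir.FullName
                    Principal = $BroadSids[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Get-WeakDirectoryAce -Root $InstallDir | Format-Table -AutoSize
```

An empty result means none of the listed groups holds write-type rights on the tree; entries marked as inherited point to a parent directory whose ACL needs tightening rather than the flagged directory itself.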