Zyxel security advisory for password guessing vulnerability of GS1200 series switches






CVE: CVE-2022-0823
Summary
Zyxel is aware that GS1200 series switches are vulnerable to password-guessing attacks. Users are advised to install the applicable updates for optimal protection.
What is the vulnerability?
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released hotfixes, and will release patches to address the issue, as shown in the table below.
Affected model | Patch availability (Hotfix / Standard firmware)
GS1200-5 | V2.00(ABKM.2) in Nov. 2022
GS1200-5HP | V2.00(ABKN.2) in Nov. 2022
GS1200-8 | V2.00(ABME.2) in Nov. 2022
GS1200-8HP | V2.00(ABMF.2) in Nov. 2022
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Acknowledgments and commentary
Thanks to Lars Haulin for reporting the issue to us.
Revision history
2022-06-07: Initial release