Zyxel security advisory for buffer overflow vulnerability in Realtek eCos SDK
Ally Member
CVE: CVE-2022-27255
Summary
Zyxel is aware of a buffer overflow vulnerability in some versions of Realtek’s Software Development Kit (SDK) and assures customers that Zyxel products are NOT affected.
What is the vulnerability?
A stack-based buffer overflow vulnerability was found in the SIP ALG module in some versions of Realtek’s eCos SDK. This could allow a remote unauthenticated attacker to trigger a buffer overflow and then cause a crash or achieve arbitrary code execution via a crafted SIP packet containing malicious SDP data.
What versions are vulnerable—and what should you do?
After a thorough investigation, we can confirm that Zyxel products are NOT affected, because they either do not use a vulnerable SDK version or do not adopt the vulnerable SIP ALG module.
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Revision history
2022-08-18: Initial release.
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 76 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight