Zyxel security advisory for DoS vulnerability of switches
Ally Member
CVE: CVE-2022-43393
Summary
Zyxel has released patches for some switches affected by a denial-of-service (DoS) vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
An improper check for unusual or exceptional conditions in the HTTP request processing function of some Zyxel switch versions could allow an attacker to corrupt the contents of the memory and result in a DoS condition on an affected device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.
Since switches are mostly deployed in a local area network (LAN) environment, most potential DoS attacks can be reduced by firewalls or security gateways. Furthermore, for optimal protection, we suggest that users set more stringent management rules for remote access to their switches, such as by restricting HTTP or HTTPS requests to remotely access the device management interface or by limiting remote access by specific IP addresses.
|
Affected model |
Affected version |
Patch availability |
|
GS1350-6HP |
V4.70(ABPI.4)C0 |
V4.70(ABPI.5)C0 |
|
GS1350-12HP |
V4.70(ABPJ.4)C0 |
V4.70(ABPJ.5)C0 |
|
GS1350-18HP |
V4.70(ABPK.4)C0 |
V4.70(ABPK.5)C0 |
|
GS1350-26HP |
V4.70(ABPL.4)C0 |
V4.70(ABPL.5)C0 |
|
GS1915-8 |
V4.70(ACAP.2)C0 |
V4.70(ACAP.3)C0 |
|
GS1915-8EP |
V4.70(ACAQ.2)C0 |
V4.70(ACAQ.3)C0 |
|
GS1915-24E |
V4.70(ACDR.2)C0 |
V4.70(ACDR.3)C0 |
|
GS1915-24EP |
V4.70(ACDS.2)C0 |
V4.70(ACDS.3)C0 |
|
GS1920-8HPv2 |
V4.70(ABKZ.7)C0 |
V4.70(ABKZ.8)C0 |
|
GS1920-24v2 |
V4.70(ABMH.7)C0 |
V4.70(ABMH.8)C0 |
|
GS1920-48v2 |
V4.70(ABMJ.7)C0 |
V4.70(ABMJ.8)C0 |
|
GS1920-24HPv2 |
V4.70(ABMI.7)C0 |
V4.70(ABMI.8)C0 |
|
GS1920-48HPv2 |
V4.70(ABMK.7)C0 |
V4.70(ABMK.8)C0 |
|
GS2220-10 |
V4.70(ABRO.5)C0 |
V4.70(ABRO.6)C0 |
|
GS2220-28 |
V4.70(ABRQ.5)C0 |
V4.70(ABRQ.6)C0 |
|
GS2220-50 |
V4.70(ABRS.5)C0 |
V4.70(ABRS.6)C0 |
|
GS2220-10HP |
V4.70(ABRP.5)C0 |
V4.70(ABRP.6)C0 |
|
GS2220-28HP |
V4.70(ABRR.5)C0 |
V4.70(ABRR.6)C0 |
|
GS2220-50HP |
V4.70(ABRT.5)C0 |
V4.70(ABRT.6)C0 |
|
XGS1930-28 |
V4.70(ABHT.3)C0 |
V4.70(ABHT.5)C0 |
|
XGS1930-28HP |
V4.70(ABHS.3)C0 |
V4.70(ABHS.5)C0 |
|
XGS1930-52 |
V4.70(ABHU.3)C0 |
V4.70(ABHU.5)C0 |
|
XGS1930-52HP |
V4.70(ABHV.3)C0 |
V4.70(ABHV.5)C0 |
|
XS1930-10 |
V4.70(ABQE.5)C0 |
V4.80(ABQE.0)C0 |
|
XS1930-12HP |
V4.70(ABQF.5)C0 |
V4.80(ABQF.0)C0 |
|
XS1930-12F |
V4.70(ABZV.5)C0 |
V4.80(ABZV.0)C0 |
|
XGS2210-28 |
V4.70(AAZJ.1)C0 |
V4.70(AAZJ.2)C0 |
|
XGS2210-52 |
V4.70(AAZK.1)C0 |
V4.70(AAZK.2)C0 |
|
XGS2210-28HP |
V4.70(AAZL.1)C0 |
V4.70(AAZL.2)C0 |
|
XGS2210-52HP |
V4.70(AAZM.1)C0 |
V4.70(AAZM.2)C0 |
|
XGS2220-30 |
V4.80(ABXN.0)C0 |
V4.80(ABXN.1)C0 |
|
XGS2220-30HP |
V4.80(ABXO.0)C0 |
V4.80(ABXO.1)C0 |
|
XGS2220-30F |
V4.80(ABYE.0)C0 |
V4.80(ABYE.1)C0 |
|
XGS2220-54 |
V4.80(ABXP.0)C0 |
V4.80(ABXP.1)C0 |
|
XGS2220-54HP |
V4.80(ABXQ.0)C0 |
V4.80(ABXQ.1)C0 |
|
XGS2220-54FP |
V4.80(ACCE.0)C0 |
V4.80(ACCE.1)C0 |
|
XGS4600-32 |
V4.70(ABBH.3)C0 |
V4.70(ABBH.4)C0 |
|
XGS4600-32F |
V4.70(ABBI.3)C0 |
V4.70(ABBI.4)C0 |
|
XGS4600-52F |
V4.70(ABIK.3)C0 |
V4.70(ABIK.4)C0 |
|
XMG1930-30 |
V4.70(ACAR.0) |
V4.80(ACAR.0) |
|
XMG1930-30HP |
V4.70(ACAS.0) |
V4.80(ACAS.0) |
|
XS3800-28 |
V4.80(ABML.0)C0 |
V4.80(ABML.1)C0 |
|
MGS3500-24S |
4.10(ABBR.1)C0 |
4.10(ABBR.2)C0* |
|
MGS3520-28 |
4.10(AATN.4)C0 |
4.10(AATN.5)C0* |
|
MGS3520-28 |
4.10(ABQM.1)C0 |
4.10(ABQM.2)C0* |
|
MGS3520-28F |
4.10(AATM.3)C0 |
4.10(AATM.4)C0* |
|
MGS3530-28 |
4.10(ACEM.1)C0 |
4.10(ACEM.2)C0* |
|
MGS3530-28 |
4.10(ACFJ.0)C0 |
4.10(ACFJ.1)C0* |
*Please reach out to your local Zyxel support team for the file.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgement
Thanks to Nikita Abramov from Positive Technologies for reporting the issue to us.
Revision history
2023-1-11: Initial release
Comments
-
XGS2220-30hp switch is this Physically stack able?
0 -
Hi @Arif,
Thanks for your interest in XGS2220 stacking.
It does provide the stacking function, but it needs firmware support that will be available in August.Zyxel Melen
0 -
Hi @Arif,
We have received the same request from your colleagues and have some questions we would like to clarify. Let's deal with this request via the ticket.
Zyxel Melen
0
Zyxel Employee
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight