Zyxel security advisory for buffer overflow vulnerability in 4G LTE and 5G NR outdoor routers
CVE: CVE-2023-27989
Summary
Zyxel has released patches for some 4G LTE and 5G NR outdoor routers affected by a buffer overflow vulnerability. Users are advised to install them for optimal protection.
What are the vulnerabilities?
A buffer overflow vulnerability in the CGI program of some Zyxel 4G LTE and 5G NR outdoor routers could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.
Affected model | Affected version | Patch availability |
---|---|---|
LTE7480-M804 | V1.00(ABRA.6)C0 and earlier | |
LTE7490-M904 | V1.00(ABQY.5)C0 and earlier | |
NR7101 | V1.00(ABUV.7)C0 and earlier | |
Nebula NR7101 | V1.15(ACCC.3)C0 and earlier | Hotfix available by July 12, 2023* Standard patch V1.16(ACCC.0)C0 in Oct. 2023 |
*Please reach out to your local Zyxel support team for the file.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to Chengfeng Ye, Prism Research Group - cse hkust for reporting the issue to us.
Revision history
2023-6-6: Initial release.
2023-7-4: Updated the patch availability of Nebula NR7101
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight