Zyxel security advisory for buffer overflow vulnerability in some ......
Zyxel Employee
Zyxel security advisory for buffer overflow vulnerabilityin some 5G NR CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and securityrouter devices
CVE: CVE-2024-5412
Summary
Zyxel has released patches for some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices affected by a buffer overflow vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
The buffer overflow vulnerability in the library "libclinkc" of some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices could allow an unauthenticated attacker to cause denial of service (DoS)conditions by sending a crafted HTTP request to a vulnerable device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released patches to address the vulnerabilities,as shown in the tables below.
Product | Affected model | Affected version | Patch availability |
|---|---|---|---|
5G NR/4G LTE CPE | NR5103 | 4.19(ABYC.5)C0 and earlier | 4.19(ABYC.6)C0* |
NR5103Ev2 | 1.00 (ACIQ.0)C0 and earlier | 1.00(ACIQ.1)C0* | |
NR5307 | 1.00(ACJT.0)B5 and earlier | 1.00(ACJT.0)B6* | |
NR7103 | 1.00(ACCZ.3)C0 and earlier | 1.00(ACCZ.4)C0* | |
NR7302 | 1.00(ACHA.3)C0 and earlier | 1.00(ACHA.4)C0* | |
NR7303 | 1.00(ACEI.1)B3 and earlier | 1.00(ACEI.1)B4* | |
NR7501 | 1.00(ACEH.1)B2 and earlier | 1.00(ACEH.1)C0* | |
Nebula FWA510 | 1.18(ACGC.2)C0 and earlier | ||
Nebula FWA710 | 1.18(ACGC.2)C0 and earlier | ||
Nebula FWA505 | 1.18(ACKO.2)C0 and earlier | ||
Nebula LTE3301-PLUS | 1.18(ACCA.2)C0 and earlier | ||
DSL/Ethernet CPE | DX3300-T0 | 5.50(ABVY.5)C0 and earlier | 5.50(ABVY.5.3)C0* |
DX3300-T1 | 5.50(ABVY.5)C0 and earlier | 5.50(ABVY.5.3)C0* | |
DX3301-T0 | 5.50(ABVY.5)C0 and earlier | 5.50(ABVY.5.3)C0* | |
DX4510-B0 | 5.17(ABYL.6)C0 and earlier | 5.17(ABYL.7)B2* | |
DX5401-B0 | 5.17(ABYO.6)C0 and earlier | 5.17(ABYO.6.2)C0* | |
DX5401-B1 | 5.17(ABYO.6)C0 and earlier | 5.17(ABYO.6.2)C0* | |
EX3300-T0 | 5.50(ABVY.5)C0 and earlier | 5.50(ABVY.5.3)C0* | |
EX3300-T1 | 5.50(ABVY.5)C0 and earlier | 5.50(ABVY.5.3)C0* | |
EX3301-T0 | 5.50(ABVY.5)C0 and earlier | 5.50(ABVY.5.3)C0* | |
EX3500-T0 | 5.44(ACHR.1)C0 and earlier | 5.44(ACHR.2)C0* | |
EX3501-T0 | 5.44(ACHR.1)C0 and earlier | 5.44(ACHR.2)C0* | |
EX3510-B0 | 5.17(ABUP.11)C0 and earlier | 5.17(ABUP.12)B2* | |
EX5401-B0 | 5.17(ABYO.6)C0 and earlier | 5.17(ABYO.6.2)C0* | |
EX5401-B1 | 5.17(ABYO.6)C0 and earlier | 5.17(ABYO.6.2)C0* | |
EX5510-B0 | 5.17(ABQX.9)C0 and earlier | 5.17(ABQX.10)B2* | |
EX5512-T0 | 5.70(ACEG.3)C1 and earlier | 5.70(ACEG.3)C2* | |
EX5601-T0 | 5.70(ACDZ.3)C0 and earlier | 5.70(ACDZ.3.2)C0* | |
EX5601-T1 | 5.70(ACDZ.3)C0 and earlier | 5.70(ACDZ.3.2)C0* | |
EX7501-B0 | 5.18(ACHN.1)C0 and earlier | 5.18(ACHN.1.2)C0* | |
EX7710-B0 | 5.18(ACAK.1)C0 and earlier | 5.18(ACAK.1)C1* | |
EMG3525-T50B | 5.50(ABPM.9)C0 and earlier | 5.50(ABPM.9.2)C0* | |
EMG5523-T50B | 5.50(ABPM.9)C0 and earlier | 5.50(ABPM.9.2)C0* | |
EMG5723-T50K | 5.50(ABOM.8)C0 and earlier | 5.50(ABOM.8.4)C0* | |
VMG3625-T50B | 5.50(ABPM.9)C0 and earlier | 5.50(ABPM.9.2)C0* | |
VMG3927-T50K | 5.50(ABOM.8)C0 and earlier | 5.50(ABOM.8.4)C0* | |
VMG4005-B50A | 5.15(ABQA.2)C0 and earlier | 5.15(ABQA.2.2)C0* | |
VMG4005-B60A | 5.15(ABQA.2)C0 and earlier | 5.15(ABQA.2.2)C0* | |
VMG8623-T50B | 5.50(ABPM.9)C0 and earlier | 5.50(ABPM.9.2)C0* | |
VMG8825-T50K | 5.50(ABOM.8)C0 and earlier Customized: 5.50(ABPY.1)b24 and earlier | 5.50(ABOM.8.4)C0* Customized: 5.50(ABPY.1)b25* | |
Fiber ONT | AX7501-B0 | 5.17(ABPC.5)C0 and earlier | 5.17(ABPC.5.2)C0* |
AX7501-B1 | 5.17(ABPC.5)C0 and earlier | 5.17(ABPC.5.2)C0* | |
PM3100-T0 | 5.42(ACBF.2)C0 and earlier | 5.42(ACBF.2.1)C0* | |
PM5100-T0 | 5.42(ACBF.2)C0 and earlier | 5.42(ACBF.2.1)C0* | |
PM7300-T0 | 5.42(ABYY.2.1)C0 and earlier | 5.42(ABYY.2.2)C0* | |
PX3321-T1 | 5.44(ACJB.0)Z0 and earlier | 5.44(ACJB.0.2)Z0* | |
Security router | SCR50AXE | 1.10(ACGN.2)C0 and earlier | 1.10(ACGN.3)C0** |
Wi-Fi extender | WX3100-T0 | 5.50(ABVL.4.1)C0 and earlier | 5.50(ABVL.4.2)C0* |
WX3401-B0 | 5.17(ABVE.2.4)C0 and earlier | 5.17(ABVE.2.5)C0* | |
WX5600-T0 | 5.70(ACEB.3)C0 and earlier | 5.70(ACEB.3.2)C0* |
*Please reach out to your local Zyxel support team for the file.
**Updated by cloud
Please note that the tables do NOT include customized models for internet service providers (ISPs).
For ISPs, please contact your Zyxel sales or service representatives for further details.
For end-users who received your Zyxel device from an ISP, were commend you reach out to the ISP’s support team directly, as the device may have custom-built settings.
For end-users who purchased your Zyxel device yourself, please contact your local Zyxel support team for the new firmware file to ensure optimal protection, or visit Zyxel’s Community for further assistance.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to Dawid Kulikowski for reporting the issue to us.
Revision history
2024-9-3:Initial release.
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 246 Service & License
- 383 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight