Zyxel security advisory for buffer overflow vulnerability
CVE: CVE-2020-25014
Summary
Zyxel has released updates for a buffer overflow vulnerability affecting firewalls and access points. Users are advised to install the updates for optimal protection.
What is the vulnerability?
A buffer overflow vulnerability was identified in the “fbwifi_continue” CGI program due to a lack of input validation on some Zyxel security firewalls and access points that support the Facebook WiFi feature.
What products are vulnerable—and what should you do?
After a thorough investigation of our product lines, we’ve identified the vulnerable products that are within their warranty and support period and released patches to address the issue, as shown in the table below. For optimal protection, we urge users to install the applicable updates.
Note that non-listed products are NOT affected because they do not support the Facebook WiFi feature.
* Please reach out to your local Zyxel support team for the file.
Contact your local Zyxel support team if you require further assistance.
Got a question or a tipoff?
Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact security@zyxel.com.tw and we’ll get right back to you.
Acknowledgment
Thanks to w0lfzhang for reporting the issues to us.
Revision history
2020-11-26: Initial release
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight