Zyxel, a networking solutions provider, has released patches to dozens of its products, including business routers, firewalls, access points, 5G, DSL/Ethernet equipment, and other devices. Some of the nine disclosed vulnerabilities allow potential attackers to execute OS commands without any authorization.
In total, Zyxel released three security advisories for nine vulnerabilities, affecting the vendor’s devices. Some of them are critical.
The USG LITE 60AX security router and 28 Zyxel access points (APs), such as the Cloud WiFi6 AX1800 Wireless (NWA50AX), WiFi 6E (802.11axe) AXE5400 Dual Radio (NWA220AX-6E), and BE11000 Enterprise-Grade WiFi 7 Triple Radio (NWA130BE), are affected by a critical vulnerability that allows unauthenticated attackers to execute OS commands by sending a crafted cookie to a vulnerable device.
The vulnerability is caused by the improper neutralization of special elements in the CGI (Common Gateway Interface) program's parameter “host.”
Seven vulnerabilities, including command injection, buffer overflow, and others, affect three Zyxel Firewall series (ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN).
Attackers could exploit these to execute OS commands, cause Denial of Service (DoS) conditions, and trick users into executing malicious scripts by visiting a crafted URL, exposing browser-based information.
“Zyxel has released patches addressing multiple vulnerabilities in some firewall versions. Users are advised to install the patches for optimal protection,” the company said.
Another high-severity buffer overflow vulnerability affects dozens of 5G NR/4G LTE CPE (customer premises equipment), DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices.
An unauthorized threat actor could exploit it to make devices unavailable to their intended users (a denial-of-service condition). All they would need to do is send a crafted HTTP request to a vulnerable device.
Some of the affected models are the Zyxel 5G NR 4.67 Gbps Indoor Router (Nebula FWA510), the NR5103 5G NR Indoor Router, the AXE5400 WiFi 6E Security Router (SCR50AXE), and the Dual-Band Wireless AX1800 Gigabit Access Point/Extender.
The full list of affected devices does not include customized models for Internet Service Providers (ISPs). End-users often receive routers and other devices from their ISPs. Zyxel recommends contacting the ISP’s support team directly, as the affected device may have custom-built settings.
Zyxel acknowledged security researchers from various institutions for reporting the issues.
Zyxel devices are popular among infrastructure operators in Europe. Previously, hackers potentially linked to Russia’s military intelligence carried out a large cyberattack in Denmark exploiting zero-day vulnerabilities in Zyxel firewalls.