Zyxel security advisory for AMNESIA:33 vulnerabilities

CVE:

CVE-2020-13984, CVE-2020-13985, CVE-2020-13986, CVE-2020-13987, CVE-2020-13988, CVE-2020-17437    , CVE-2020-17438, CVE-2020-17439, CVE-2020-17440, CVE-2020-17441, CVE-2020-17442    , CVE-2020-17443, CVE-2020-17444, CVE-2020-17445, CVE-2020-17467, CVE-2020-17468, CVE-2020-17469, CVE-2020-17470, CVE-2020-24334           , CVE-2020-24336, CVE-2020-24337, CVE-2020-24338, CVE-2020-24339, CVE-2020-24340, CVE-2020-24340, CVE-2020-24341, CVE-2020-24383, CVE-2020-25107, CVE-2020-25108, CVE-2020-25109, CVE-2020-25110, CVE-2020-25111   , CVE-2020-25112

Summary

Zyxel is not affected by AMNESIA:33 - memory corruption vulnerabilities of embedded TCP/IP stacks.

What are the vulnerabilities?

Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also dubbed as AMNESIA:33.

What products are vulnerable—and what should you do?

After a thorough investigation of our product lines, we confirm that Zyxel is NOT affected because our products do not make use of these vulnerable TCP/IP stacks.