Zyxel security advisory for FragAttacks against WiFi products

 

CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-24588

Summary

Zyxel is aware of the FRagmentation and AGgregation Attacks against WiFi vulnerability (dubbed “FragAttacks”) and is releasing patches for some vulnerable WiFi products. Users are advised to adopt the applicable firmware updates or follow the advice below for optimal protection.

 

What is the vulnerability?

The FragAttacks vulnerability was identified in the IEEE 802.11 implementation of de-aggregation and de-fragmentation of frames at the receiver in some WiFi devices. Of the twelve CVEs reported by Wi-Fi Alliance®, three affect Zyxel products, namely CVE-2020-24586, CVE-2020-24587, and CVE-2020-24588.

Please refer to the official CVEs for the technical details and severity. Zyxel products are NOT affected by the nine other CVEs (CVE-2020-26139 - CVE-2020-26147) because they either do not use the vulnerable packages or do not use their vulnerable versions.

It is important to note that an attacker has to be physically within the wireless range of the vulnerable device to exploit these weaknesses, thus the impact is relatively limited. According to Wi-Fi Alliance®, there is currently no evidence of the vulnerabilities being used against WiFi users maliciously.

 

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the affected products that are within their warranty and support period, as shown in the link here. We are already working with WiFi chip vendors to prepare the patches and will continue to update the advisory as additional information becomes available. We urge users to install the applicable updates when available for optimal protection.

Please note that the table in the link provided does NOT include customized models for internet service providers (ISPs).

If you are an ISP, please contact your Zyxel sales or service representative for further details.

If you are an end-user who received your Zyxel device from an ISP, please reach out to the ISP’s support team directly, as the device may have custom-built settings.

If you are an end-user who purchased your Zyxel device yourself, please contact your local Zyxel support team or visit our forum for further assistance.

For those vulnerable products with chips and drivers no longer supported by WiFi chip vendors, we recommend that users follow the general security practices below or upgrade their models.

1. Enable WPA2/WPA3 for wireless connections.

2. Use strong, unique connection passwords for every service set identifier (SSID) and change them regularly.

3. Enable firewall rules on the affected device or its connected gateway/firewall, if any.

 

Affected model list

Please note that the table does NOT include customized models for internet service providers (ISPs).

If you are an ISP, please contact your Zyxel sales or service representative for further details.

If you are an end-user who received your Zyxel device from an ISP, please reach out to the ISP’s support team directly, as the device may have custom-built settings.

If you are an end-user who purchased your Zyxel device yourself, please visit our forum for further assistance.

Affected model | Model | Patch availability
AP | NWA110AX | Available in download library
AP | NWA1123-AC HD | Available in download library
AP | NWA1123AC PRO | Patch not supported. Please follow the general security practices
AP | NWA1123-ACv2 | Patch not supported. Please follow the general security practices
AP | NWA1123ACv3 | Available in download library
AP | NWA1302-AC | Available in download library
AP | NWA210AX | Available in download library
AP | NWA5123-AC | Patch not supported. Please follow the general security practices
AP | NWA5123-AC HD | Available in download library
AP | WAC500 | Available in download library
AP | WAC500H | Available in download library
AP | WAC5302D-S | Available in download library
AP | WAC5302D-Sv2 | Available in download library
AP | WAC6103D-I | Patch not supported. Please follow the general security practices
AP | WAC6303D-S | Available in download library
AP | WAC6502D-E | Patch not supported. Please follow the general security practices
AP | WAC6502D-S | Patch not supported. Please follow the general security practices
AP | WAC6503D-S | Patch not supported. Please follow the general security practices
AP | WAC6552D-S | Patch not supported. Please follow the general security practices
AP | WAC6553D-E | Patch not supported. Please follow the general security practices
AP | WAX510D | Available in download library
AP | WAX610D | Available in download library
AP | WAX650S | Available in download library
Firewall | ATP100W | Patch not supported. Please follow the general security practices
Firewall | USG FLEX 100W | Patch not supported. Please follow the general security practices
Firewall | USG20W-VPN | Patch not supported. Please follow the general security practices
Firewall | USG40W | Patch not supported. Please follow the general security practices
Firewall | USG60W | Patch not supported. Please follow the general security practices
CPE | AMG1302-T11C | Patch not supported. Please follow the general security practices
CPE | DX4510-B0 | Not Available on EU market
CPE | DX5401-B0 | V5.17(ABYO.1)C0 in June 2022*
CPE | EMG1702-T10A | Not Available on EU market
CPE | EMG3425-Q10A | Patch not supported. Please follow the general security practices
CPE | EMG3524-T10A | Not Available on EU market
CPE | EMG3525-T50B | Available Now
CPE | EMG5523-T50B | Available Now
CPE | EMG5723-T50K | Available Now
CPE | EMG6726-B10A | Not available on EU market
CPE | EMG8726-B50A | Not available on EU market
CPE | EX3301-T0 | Available Now
CPE | EX3510-B0 | Not available on EU market
CPE | EX5300-B3 | Patch not supported. Please follow the general security practices
CPE | EX5301-B3 | Patch not supported. Please follow the general security practices
CPE | EX5401-B0 | V5.17(ABYO.1)C0 in June 2022*
CPE | EX5501-B0 | V5.17(ABRY.2)C0 in June 2022*
CPE | EX5510-B0 | Not available on EU market
CPE | P-660HN-51 | Patch not supported. Please follow the general security practices
CPE | VMG1312-T20B | Available Now
CPE | VMG3625-T50B | Available Now
CPE | VMG3925-B10C | Available Now
CPE | VMG3927-B50A_B60A | Available Now
CPE | VMG3927-B50B | Not available on EU market
CPE | VMG3927-T50K | Available Now
CPE | VMG4927-B50A | Not available on EU market
CPE | VMG8623-T50B | Available Now
CPE | VMG8825-B50A_B60A | Available Now
CPE | VMG8825-Bx0B | Available Now
CPE | VMG8825-T50K | Available Now
CPE | VMG8924-B10D | Patch not supported. Please follow the general security practices
CPE | VMG9827-B50A | Not available on EU market
CPE | XMG3927-B50A | Available Now
CPE | XMG8825-B50A | Available Now
ONT | PMG5317-T20B | V5.40(ABKI.4) in Apr 2022*
ONT | PMG5617GA | V5.40(ABNA.2) in Apr 2022*
ONT | PMG5622GA | V5.40(ABNB.2) in Apr 2022*
ONT | PMG5705-T10A | Patch not supported. Please follow the general security practices
5G NR/4G LTE CPE | LTE2566 | Patch not supported. Please follow the general security practices
5G NR/4G LTE CPE | LTE3202-M430 | Patch not supported. Please follow the general security practices
5G NR/4G LTE CPE | LTE3202-M437 | To be updated
5G NR/4G LTE CPE | LTE3301-M209 | Patch not supported. Please follow the general security practices
5G NR/4G LTE CPE | LTE3301-PLUS | Available Now
5G NR/4G LTE CPE | LTE3302-M432 | Patch not supported. Please follow the general security practices
5G NR/4G LTE CPE | LTE3316-M604(v1) | Patch not supported. Please follow the general security practices
5G NR/4G LTE CPE | LTE3316-M604(v2) | Available Now
5G NR/4G LTE CPE | LTE4506-M606 | Patch not supported. Please follow the general security practices
5G NR/4G LTE CPE | LTE5366 | Patch not supported. Please follow the general security practices
5G NR/4G LTE CPE | LTE5388-M804 | V1.00(ABSQ.2)C0 in April 2022
5G NR/4G LTE CPE | LTE5388-S905 | Not available on EU market
5G NR/4G LTE CPE | LTE7240-M403 | Available Now
5G NR/4G LTE CPE | LTE7461-M602 | Not available on EU market
5G NR/4G LTE CPE | LTE7480-M804 | Available Now
5G NR/4G LTE CPE | LTE7480-S905 | Not available on EU market
5G NR/4G LTE CPE | LTE7485-S905 | Not available on EU market
5G NR/4G LTE CPE | LTE7490-M904 | V1.00(ABQY.3)C0 in April 2022
5G NR/4G LTE CPE | NR2101 | V1.00(ABUS.4)C0 in April 2022
5G NR/4G LTE CPE | NR5101 | Available Now
5G NR/4G LTE CPE | NR7101 | Available Now
5G NR/4G LTE CPE | WAH7601 | To be updated
5G NR/4G LTE CPE | WAH7608 | To be updated
5G NR/4G LTE CPE | WAH7706 | Patch not supported. Please follow the general security practices
WiFi system | AX7501-B0 | Available Now
WiFi system | DX3301-T0 | Available Now
WiFi system | DX5301-B3 | Patch not supported. Please follow the general security practices
WiFi system | WSQ20 (Multy Mini) | Available in download library
WiFi system | WSQ50 (Multy X) | Available in download library
WiFi system | WSQ60 (Multy Plus) | Available in download library
WiFi system | WSR30 (Multy U) | Available in download library
WiFi system | WX3100-T0 | Available Now
Home router | NBG-418N v2 | Available Now
Home router | NBG6515 | Patch not supported. Please follow the general security practices
Home router | NBG6604 | Available in download library
Home router | NBG6615 | Patch not supported. Please follow the general security practices
Home router | NBG6817 (Armor Z2) | Patch not supported. Please follow the general security practices
Home router | NBG6818 (Armor G1) | Available in download library
Home router | NBG7815 (Armor G5) | Available in download library
Wireless extender | NWD6505 | Patch not supported. Please follow the general security practices
Wireless extender | NWD6602 | Patch not supported. Please follow the general security practices
Wireless extender | NWD6605 | Patch not supported. Please follow the general security practices
Wireless extender | WAP3205 v3 | Available in download library
Wireless extender | WAP6804 | Patch not supported. Please follow the general security practices
Wireless extender | WAP6806 | Patch not supported. Please follow the general security practices
Wireless extender | WAP6807 | Available Now
Wireless extender | WRE2206 | Patch not supported. Please follow the general security practices
Wireless extender | WRE6505 v2 | Patch not supported. Please follow the general security practices
Wireless extender | WRE6602 | Patch not supported. Please follow the general security practices
Wireless extender | WRE6605 | Patch not supported. Please follow the general security practices
Wireless extender | WX3310-B0 | Available Now
Wireless extender | WX3401-B0 | Available Now
