Summary
Zyxel is aware of multiple vulnerabilities reported by our security consultancy partner, SEC Consult, and advises users to install the applicable firmware updates for optimal protection.
What are the vulnerabilities?
There are eight vulnerabilities, identified as follows.
- Multiple buffer overflow vulnerabilities were discovered in the web server of the affected devices.
- The CGI program lacks a proper permission control mechanism, which could allow an attacker to read sensitive files on the devices.
- Insufficiently protected credentials in the configuration file of the devices could allow an attacker to retrieve the passwords.
- Command injection vulnerabilities were found in the diagnostic tool and the certificate upload interface of the devices.
- Access control vulnerabilities in the devices could allow a less privileged user to access the functionality of a more privileged role.
- The improper symbolic links processing vulnerability in the FTP server could allow an attacker to get read access to the root file system.
- A security flaw was found in the API of the devices that could be abused without authentication in order to obtain a new session key.
- A cross-site scripting vulnerability was identified in the printer name field of the print server menu within the web interface of the devices.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the affected products that are within their warranty and support period. If a product is not listed, it is not affected or has reached end-of-life.
We encourage users to install the applicable updates for optimal protection.
Please use the KB search when you need to know how to update your device, as for example VMG-How-to-upgrade-the-firmware
Please note that the table does NOT include customized models for internet service providers (ISPs).
If you are an ISP, please contact your Zyxel sales or service representative for further details.
If you are an end-user who received your Zyxel device from an ISP, please reach out to the ISP’s support team directly, as the device may have custom-built settings.
If you are an end-user who purchased your Zyxel device yourself, please check the list below:
| Affected product | Model | Patch availability |
| CPE | EMG3525-T50B | V5.50(ABPM.6)C0 |
| CPE | EMG5523-T50B | V5.50(ABPM.6)C0 |
| CPE | EMG5723-T50K | V5.50(ABOM.7)C0 |
| CPE | LTE3301-PLUS | V1.00(ABQU.4)C0 |
| CPE | LTE7240-M403 | V2.00(ABMG.4)C0 |
| CPE | VMG1312-T20B | V5.50(ABSB.5)C0 |
| CPE | VMG3625-T50B | V5.50(ABPM.6)C0 |
| CPE | VMG3927-B50A | V5.17(ABMT.6)C0 |
| CPE | VMG3927-B60A | V5.17(ABMT.6)C0 |
| CPE | VMG3927-T50K | V5.50(ABOM.7)C0 |
| CPE | VMG4005-B50A | V5.15(ABQA.2)C0 in Mar. 2022* |
| CPE | VMG8623-T50B | V5.50(ABPM.6)C0 |
| CPE | VMG8825-B50A | V5.17(ABMT.6)C0 |
| CPE | VMG8825-B50B | V5.17(ABNY.7)C0 |
| CPE | VMG8825-B60A | V5.17(ABMT.6)C0 |
| CPE | VMG8825-B60B | V5.17(ABNY.7)C0 |
| CPE | VMG8825-T50K | V5.50(ABOM.7)C0 |
| CPE | XMG3927-B50A | V5.17(ABMT.6)C0 |
| CPE | XMG8825-B50A | V5.17(ABMT.6)C0 |
| Firewall | VPN2S | V1.20(ABLN.2)_00210319C1 |
| ONT | EP240P | V5.40(ABVH.1)C0 in May 2022* |
| ONT | PMG5317-T20B | V5.40(ABKI.4)C0 in Apr. 2022* |
| ONT | PMG5617GA | V5.40(ABNA.2)C0 in Apr. 2022* |
| ONT | PMG5622GA | V5.40(ABNB.2)C0 in Apr. 2022* |
| WiFi system | AX7501-B0 | V5.17(ABPC.1)C0 |
| WiFi system | DX3301-T0 | V5.50(ABVY.3)C0 in Sep. 2022* |
| WiFi system | DX5401-B0 | V5.17(ABYO.1)C0 in June 2022* |
| WiFi system | EX3301-T0 | V5.50(ABVY.3)C0 in Sep. 2022* |
| WiFi system | EX5401-B0 | V5.17(ABYO.1)C0 in June 2022* |
| WiFi system | EX5501-B0 | V5.17(ABRY.2)C0 in June 2022* |
| WiFi system | WSQ50 (Multy X) | V2.20(ABKJ.7)C0 (update via App) |
| WiFi system | WSQ60 (Multy Plus) | V2.20(ABND.8)C0 (update via App) |
| WiFi system | WX3100-T0 | V5.50(ABVL.1)C0 in Mar. 2022* |
| WiFi system | WX3401-B0 | V5.17(ABVE.1)C0 |
* Will be updated during the year when the mentioned versions have been released
You can click the "Follow" button on the top of this article to get updates for this Article and can check firmware versions released later this year.
If you want to be informed of any other new security vulnerability, please check and follow this KB:
Zyxel-Security-Advisories-CVE
Acknowledgement
Thanks to SEC Consult for reporting the issues to us.
Revision history
2022-2-15: Initial release