Zyxel Releases Multiple Security Advisories

Summary

Advisories address vulnerabilities in Zyxel firewalls, APs, extenders, and security router devices


The following platforms are also known to be affected:

Fiber ONT (optical network terminal)

  • AX7501-B0
  • AX7501-B1
  • PM3100-T0
  • PM5100-T0
  • PM7300-T0
  • PX3321-T1

Security router

  • SCR50AXE

Wi-Fi extender

  • WX3100-T0
  • WX3401-B0
  • WX5600-T0

Threat details

Introduction

Zyxel has released 3 security advisories to address vulnerabilities in Zyxel firewalls, Access Points (APs), extenders, and security router devices. 

In the first security advisory, Zyxel describes seven vulnerabilities found in its ATP and USG FLEX firewall product lines. Two vulnerabilities could allow an attacker to create a denial-of-service (DoS) condition, four vulnerabilities could allow an attacker to execute some operating system (OS) commands on an affected device, and one could allow an attacker to gain browser-based information.

In the second advisory, Zyxel describes one vulnerability known as CVE-2024-7261, which affects APs and security router devices. CVE-2024-7261 is a command injection vulnerability that could allow an unauthenticated attacker to execute OS commands on an affected device.

A buffer overflow vulnerability is addressed in the third advisory, which affects 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices. An unauthenticated attacker could exploit CVE-2024-5412 to cause a DoS condition.


Remediation advice

Affected organisations are encouraged to review Zyxel's security advisories and apply the relevant updates.


Remediation steps

Type: Patch
Step: Zyxel security advisory for multiple vulnerabilities in firewalls

  • ATP
  • USG FLEX
  • USG FLEX 50(W)/USG20(W)-VPN

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024

Type: Patch
Step: Zyxel security advisory for OS command injection vulnerability in APs and security router devices

  • Affects models from "Zyxel Access Point (AP) and Security Routers" listed under "Affected platforms"

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024

Type: Patch
Step: Zyxel security advisory for buffer overflow vulnerability in some 5G NR CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices

  • 5G NR/4G LTE CPE
  • DSL/Ethernet CPE
  • Fiber ONT
  • Security router
  • Wi-Fi extender

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-some-5g-nr-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-devices-09-03-2024


CVE Vulnerabilities

Last edited: 4 September 2024 3:47 pm