Zyxel Releases Multiple Security Advisories
Advisories address vulnerabilities in Zyxel firewalls, APs, extenders, and security router devices
Summary
Advisories address vulnerabilities in Zyxel firewalls, APs, extenders, and security router devices
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
Fiber ONT (optical network terminal)
- AX7501-B0
- AX7501-B1
- PM3100-T0
- PM5100-T0
- PM7300-T0
- PX3321-T1
Security router
- SCR50AXE
Wi-Fi extender
- WX3100-T0
- WX3401-B0
- WX5600-T0
Threat details
Introduction
Zyxel has released 3 security advisories to address vulnerabilities in Zyxel firewalls, Access Points (APs), extenders, and security router devices.
In the first security advisory, Zyxel describes seven vulnerabilities found in their ATP and USG FLEX firewall product lines. Two vulnerabilities could allow an attacker to create a denial-of-service (DoS) condition, four vulnerabilities could allow an attacker to execute some operating system (OS) commands on an affected device, and one could allow an attacker to gain browser-based information.
In the second advisory, Zyxel describes one vulnerability known as CVE-2024-7261, which affects APs and security router devices. CVE-2024-7261 is a command injection vulnerability that could allow an unauthenticated attacker to execute OS commands on an affected device.
A buffer overflow vulnerability is addressed in the third advisory, which affects 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices. An unauthenticated attacker could exploit CVE-2024-5412 to cause a DoS condition.
Remediation advice
Affected organisations are encouraged to review Zyxel's security advisories and apply the relevant updates.
Remediation steps
Type | Step |
---|---|
Patch |
Zyxel security advisory for multiple vulnerabilities in firewalls
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024 |
Patch |
Zyxel security advisory for OS command injection vulnerability in APs and security router devices
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024 |
Patch |
Zyxel security advisory for buffer overflow vulnerability in some 5G NR CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-some-5g-nr-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-devices-09-03-2024 |
Definitive source of threat updates
- https://www.zyxel.com/global/en/support/security-advisories
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-some-5g-nr-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-devices-09-03-2024
CVE Vulnerabilities
Last edited: 4 September 2024 3:47 pm