Protect Your Network: Zyxel Issues Firmware Updates
Zyxel Networks has released firmware updates to address multiple vulnerabilities affecting a range of its networking products, including 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, fiber ONTs, and WiFi extenders. The vulnerabilities could potentially allow attackers to disrupt services or even execute malicious code on affected devices.
One of the critical flaws, identified as CVE-2024-8748, is a buffer overflow vulnerability that could allow a remote attacker to launch denial-of-service (DoS) attacks against the web management interface of vulnerable devices. This vulnerability exists in the packet parser of the third-party library “libclinkc” used in some of Zyxel’s firmware versions.
Another significant vulnerability, CVE-2024-9200, is a post-authentication command injection flaw that could allow an authenticated attacker to execute arbitrary operating system commands on vulnerable devices. This vulnerability affects the “host” parameter of the diagnostic function in some DSL/Ethernet CPE firmware versions.
A medium-severity flaw, CVE-2024-9197, is a post-authentication buffer overflow vulnerability in the “action” parameter of the CGI program that affects several firmware versions. It could allow authenticated attackers with administrative privileges to cause DoS conditions via a malicious HTTP GET request. Zyxel notes that both the vulnerable function and WAN access are “disabled by default,” further limiting exposure.
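As an added illustration of the defensive side of the two post-authentication flaws above (this is not Zyxel's code and is not derived from the advisory; the handler, its function names and the ping invocation are assumptions), here is a hypothetical diagnostic CGI handler that bounds and allowlists the user-supplied “host” parameter before invoking ping without a shell, so the parameter can neither inject a second command nor overrun a fixed buffer:

```c
/* Added example, not Zyxel firmware code: hardening a hypothetical
 * diagnostic handler whose "host" parameter is handed to ping. */
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

#define HOST_MAX 253  /* longest valid DNS name; also bounds any copy */

/* Accept only characters that can appear in an IPv4/IPv6 literal or a
 * hostname, and bound the length. This rejects shell metacharacters
 * such as ';', '|', '`', '$' and whitespace, so the value can never be
 * parsed as a second command. Returns 1 if acceptable, 0 otherwise. */
int valid_host(const char *host)
{
    size_t n = 0;
    while (host[n] != '\0') {
        if (++n > HOST_MAX)
            return 0;                     /* too long for any buffer */
    }
    if (n == 0 || host[0] == '-')         /* empty, or looks like an option */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':'))
            return 0;
    }
    return 1;
}

/* Vulnerable pattern (shown only for contrast): building a shell line
 * from the raw parameter, e.g.
 *   snprintf(cmd, sizeof cmd, "ping -c 3 %s", host); system(cmd);
 * lets a value like "8.8.8.8;id" run a second command.
 * Hardened form: validate first, then exec ping directly with an argv
 * array so no shell ever sees the input. Returns ping's exit status,
 * or -1 if the host was rejected or the process could not be run. */
int run_ping(const char *host)
{
    if (!valid_host(host))
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        char *argv[] = {"ping", "-c", "3", (char *)host, NULL};
        execvp("ping", argv);
        _exit(127);                       /* exec failed */
    }
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```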
A wide range of Zyxel products is impacted, including popular models like the LTE3301-PLUS, DX3300-T0, and VMG3927-B50B. Specific firmware versions have been identified as vulnerable, with patches available for immediate deployment. For a complete list of affected models and patch details, users are encouraged to consult Zyxel’s official advisory.
Zyxel has emphasized that many of the vulnerabilities have mitigating factors. For example, CVE-2024-8748 can only be exploited if WAN access is enabled, which is disabled by default. Additionally, because CVE-2024-9200 is a post-authentication flaw, exploiting it first requires obtaining the administrator password, which strong, unique credentials make considerably harder.
Despite these mitigating factors, the company urges users to install the latest firmware patches as soon as possible to ensure optimal protection. Zyxel has provided a detailed list of affected products and corresponding firmware versions in its official security advisory.
“After a thorough investigation, we’ve identified the vulnerable products within their vulnerability support period and released firmware patches to address the vulnerabilities,” Zyxel stated in its advisory.
Even with mitigating factors, vulnerabilities can pose significant risks if left unaddressed. Users are encouraged to review Zyxel’s advisory and take necessary actions to secure their devices.