Zyxel Security Vulnerabilities: DoS, Command Injection & More

CVE-2023-6764

Zyxel’s recent security advisory spotlights multiple vulnerabilities present in select firewall and access point models. Failure to take immediate action could leave these devices open to severe security risks.

Vulnerability Breakdown

  • CVE-2023-6397 (Firewalls): Potential denial-of-service (DoS) attacks triggered within an internal network by downloading a malicious file. This flaw primarily affects systems with Anti-Malware protection enabled.
  • CVE-2023-6398 (Firewalls & APs): Authenticated attackers with administrative privileges could exploit this command injection vulnerability to run arbitrary commands on the compromised device.
  • CVE-2023-6399 (Firewalls): IPSec VPN users could send crafted data to trigger DoS conditions impacting the firewall’s “deviceid” daemon, particularly if “Device Insight” functionality is in use.
  • CVE-2023-6764 (Firewalls): While unlikely and requiring complex preconditions, remote code execution is theoretically possible due to a format string vulnerability within the IPSec VPN function.

Affected Devices

Several models are impacted:

  • Firewalls: ATP, USG FLEX, USG FLEX 50(W)/USG20(W)-VPN
  • Access Points: NWA50AX, NWA55AXE, NWA90AX, NWA110AX, NWA210AX, NWA220AX-6E, NWA1123ACv3, WAC500, WAC500H, WAX300H, WAX510D, WAX610D, WAX620D-6E, WAX630S, WAX640S-6E, WAX650S, WAX655E, WBE660S, NWA50AX-PRO, NWA90AX-PRO

Mitigation and Essential Actions

  1. Update Immediately: Zyxel has issued firmware updates to address these vulnerabilities. Install ZLD V5.37 Patch 2 for firewalls and the latest 6.29/6.70 versions for affected access points.

  2. Reinforce Security Fundamentals:

    • Robust Passwords: Enforce complex, unique passwords for administrative accounts.
    • Limited Admin Access: Minimize the distribution of administrative privileges.
    • Vigilance in Updates: Proactive installation of future patches and firmware updates for all network devices is crucial.

Importance of Swift Action

Successful exploitation of these vulnerabilities could severely compromise your network’s integrity. The consequences may include system disruption, data leaks, or potentially full system takeovers by attackers. Prioritize the installation of firmware updates and adhere to recommended security practices to ensure your Zyxel devices remain protected.