Zyxel warns of several security vulnerabilities in its firewalls and WLAN controllers. Attackers could inject their own commands into the device's operating system without prior authentication or provoke denial-of-service conditions.
Zyxel lists a total of seven vulnerabilities in its security advisory. The configuration parser does not adequately filter user input (CVE-2023-28767, CVSS 8.8, risk "high"). A vulnerability in the processing of format strings allows command injection through manipulated PPPoE configurations (CVE-2023-33011, CVSS 8.8, high), and the same is possible with manipulated GRE configurations (CVE-2023-33012, CVSS 8.8, high).
Zyxel Firewalls: Several high-risk vulnerabilities
Unauthenticated attackers can also use the Free Time WiFi hotspot function to send commands to the operating system of the devices from the LAN (CVE-2023-34139, CVSS 8.8, high). This is also possible through the hotspot management function (CVE-2023-34138, CVSS 8.0, high) and through the access point management function (CVE-2023-34141, CVSS 8.0, high). A buffer overflow when processing carefully crafted requests to the CAPWAP daemon can also result in a denial of service (CVE-2023-34140, CVSS 6.5, medium).
Zyxel closes the gaps with updated firmware. ZLD version 5.37 is available for the ATP, USG Flex, USG Flex 50(W)/USG20(W)-VPN and VPN series firewalls. IT managers can request a hotfix for the NXC2500 and NXC5500 WLAN controllers. Administrators should install the updates in a timely manner to minimize the attack surface.
Last month, Zyxel had to close critical security gaps that concerned the manufacturer's NAS systems.
(dmk)