Table of Contents
Security researchers disclosed four new critical flaws in Zyxel Products including AP, API Controller, and Firewall Devices. These flaws let attackers to carryout cross-site scripting, command injection, and an authentication bypass vulnerabilities on the affected Zyxel products. This post is going to be important for those who use Zyxel’s AP, API Controller, and Firewall products on their network. In this post we are going to see about the four flaws found in Zyxel products, Product’s with version information affected by these vulnerabilities, and most importantly, how to fix these critical flaws found in Zyxel products.
Summary Of The Critical Flaws Found In Zyxel Products:
Here is the list of four flaws found in Zyxel products.
CVE-2022-0734
A cross-site scripting vulnerability was identified in the CGI program of some firewall versions that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.
CVE-2022-26531
Multiple improper input validation flaws were identified in some CLI commands of some firewall, AP controller, and AP versions that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
CVE-2022-26532
A command injection vulnerability in the “packet-trace” CLI command of some firewall, AP controller, and AP versions could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the command.
CVE-2022-0910
An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.
Zyxel Products And Its Versions Affected By These Flaws:
As per the security advisory published by Zyxel, multiple products and versions are affected by these vulnerabilities.
| Product Type | Product | CVE-2022-0734 | CVE-2022-26531 | CVE-2022-26532 | CVE-2022-0910 |
| Firewall | USG/ZyWALL | ZLD V4.35~V4.70 | ZLD V4.09~V4.71 | ZLD V4.09~V4.71 | ZLD V4.32~V4.71 |
| Firewall | USG FLEX | ZLD V4.50~V5.20 | ZLD V4.50~V5.21 | ZLD V4.50~V5.21 | ZLD V4.50~V5.21 |
| Firewall | ATP | ZLD V4.35~V5.20 | ZLD V4.32~V5.21 | ZLD V4.32~V5.21 | ZLD V4.32~V5.21 |
| Firewall | VPN | ZLD V4.35~V5.20 | ZLD V4.30~V5.21 | ZLD V4.30~V5.21 | ZLD V4.32~V5.21 |
| Firewall | NSG | Not affected | V1.00~V1.33 Patch 4 | V1.00~V1.33 Patch 4 | Not affected |
| AccessPoint controllers | NXC2500 | Not affected | 6.10(AAIG.3) and earlier | 6.10(AAIG.3) and earlier | Not affected |
| AccessPoint controllers | NXC5500 | Not affected | 6.10(AAOS.3) and earlier | 6.10(AAOS.3) and earlier | Not affected |
| AccessPoint | NAP203 | Not affected | 6.25(ABFA.7) and earlier | 6.25(ABFA.7) and earlier | Not affected |
| AccessPoint | NAP303 | Not affected | 6.25(ABEX.7) and earlier | 6.25(ABEX.7) and earlier | Not affected |
| AccessPoint | NAP353 | Not affected | 6.25(ABEY.7) and earlier | 6.25(ABEY.7) and earlier | Not affected |
| AccessPoint | NWA50AX | Not affected | 6.25(ABYW.5) and earlier | 6.25(ABYW.5) and earlier | Not affected |
| AccessPoint | NWA55AXE | Not affected | 6.25(ABZL.5) and earlier | 6.25(ABZL.5) and earlier | Not affected |
| AccessPoint | NWA90AX | Not affected | 6.27(ACCV.2) and earlier | 6.27(ACCV.2) and earlier | Not affected |
| AccessPoint | NWA110AX | Not affected | 6.30(ABTG.2) and earlier | 6.30(ABTG.2) and earlier | Not affected |
| AccessPoint | NWA210AX | Not affected | 6.30(ABTD.2) and earlier | 6.30(ABTD.2) and earlier | Not affected |
| AccessPoint | NWA1123-AC-HD | Not affected | 6.25(ABIN.6) and earlier | 6.25(ABIN.6) and earlier | Not affected |
| AccessPoint | NWA1123-AC-PRO | Not affected | 6.25(ABHD.7) and earlier | 6.25(ABHD.7) and earlier | Not affected |
| AccessPoint | NWA1123ACv3 | Not affected | 6.30(ABVT.2) and earlier | 6.30(ABVT.2) and earlier | Not affected |
| AccessPoint | NWA1302-AC | Not affected | 6.25(ABKU.6) and earlier | 6.25(ABKU.6) and earlier | Not affected |
| AccessPoint | NWA5123-AC-HD | Not affected | 6.25(ABIM.6) and earlier | 6.25(ABIM.6) and earlier | Not affected |
| AccessPoint | WAC500H | Not affected | 6.30(ABWA.2) and earlier | 6.30(ABWA.2) and earlier | Not affected |
| AccessPoint | WAC500 | Not affected | 6.30(ABVS.2) and earlier | 6.30(ABVS.2) and earlier | Not affected |
| AccessPoint | WAC5302D-S | Not affected | 6.10(ABFH.10) and earlier | 6.10(ABFH.10) and earlier | Not affected |
| AccessPoint | WAC5302D-Sv2 | Not affected | 6.25(ABVZ.6) and earlier | 6.25(ABVZ.6) and earlier | Not affected |
| AccessPoint | WAC6103D-I | Not affected | 6.25(AAXH.7) and earlier | 6.25(AAXH.7) and earlier | Not affected |
| AccessPoint | WAC6303D-S | Not affected | 6.25(ABGL.6) and earlier | 6.25(ABGL.6) and earlier | Not affected |
| AccessPoint | WAC6502D-E | Not affected | 6.25(AASD.7) and earlier | 6.25(AASD.7) and earlier | Not affected |
| AccessPoint | WAC6502D-S | Not affected | 6.25(AASE.7) and earlier | 6.25(AASE.7) and earlier | Not affected |
| AccessPoint | WAC6503D-S | Not affected | 6.25(AASF.7) and earlier | 6.25(AASF.7) and earlier | Not affected |
| AccessPoint | WAC6553D-E | Not affected | 6.25(AASG.7) and earlier | 6.25(AASG.7) and earlier | Not affected |
| AccessPoint | WAC6552D-S | Not affected | 6.25(ABIO.7) and earlier | 6.25(ABIO.7) and earlier | Not affected |
| AccessPoint | WAX510D | Not affected | 6.30(ABTF.2) and earlier | 6.30(ABTF.2) and earlier | Not affected |
| AccessPoint | WAX610D | Not affected | 6.30(ABTE.2) and earlier | 6.30(ABTE.2) and earlier | Not affected |
| AccessPoint | WAX630S | Not affected | 6.30(ABZD.2) and earlier | 6.30(ABZD.2) and earlier | Not affected |
| AccessPoint | WAX650S | Not affected | 6.30(ABRM.2) and earlier | 6.30(ABRM.2) and earlier | Not affected |
How To Fix the Critical Flaws Found in Zyxel Products?
Zyxel has released software updates for firewalls and AP devices, However, the vendor has released hotfixes for AP controllers affected by CVE-2022-26531 and CVE-2022-26532. Note: The hotfixes can only be obtained by contacting the Zyxel support. Please contact the support for AP Controller updates.
Please reefer this table below to see the patched versions.
| Product Type | Product | Patched Versions |
| Firewall | USG/ZyWALL | ZLD V4.72 |
| Firewall | USG FLEX | ZLD V5.30 |
| Firewall | ATP | ZLD V5.30 |
| Firewall | VPN | ZLD V5.30 |
| Firewall | NSG | V1.33 Patch 5* |
| AccessPoint controllers | NXC2500 | Hotfix by request** |
| AccessPoint controllers | NXC5500 | Hotfix by request** |
| AccessPoint | NAP203 | 6.25(ABFA.8) |
| AccessPoint | NAP303 | 6.25(ABEX.8) |
| AccessPoint | NAP353 | 6.25(ABEY.8) |
| AccessPoint | NWA50AX | 6.25(ABYW.8) |
| AccessPoint | NWA55AXE | 6.25(ABZL.8) |
| AccessPoint | NWA90AX | 6.27(ACCV.3) |
| AccessPoint | NWA110AX | 6.30(ABTG.3) |
| AccessPoint | NWA210AX | 6.30(ABTD.3) |
| AccessPoint | NWA1123-AC-HD | 6.25(ABIN.8) |
| AccessPoint | NWA1123-AC-PRO | 6.25(ABHD.8) |
| AccessPoint | NWA1123ACv3 | 6.30(ABVT.3) |
| AccessPoint | NWA1302-AC | 6.25(ABKU.8) |
| AccessPoint | NWA5123-AC-HD | 6.25(ABIM.8) |
| AccessPoint | WAC500H | 6.30(ABWA.3) |
| AccessPoint | WAC500 | 6.30(ABVS.3) |
| AccessPoint | WAC5302D-S | Hotfix by request** |
| AccessPoint | WAC5302D-Sv2 | 6.25(ABVZ.8) |
| AccessPoint | WAC6103D-I | 6.25(AAXH.8) |
| AccessPoint | WAC6303D-S | 6.25(ABGL.8) |
| AccessPoint | WAC6502D-E | 6.25(AASD.8) |
| AccessPoint | WAC6502D-S | 6.25(AASE.8) |
| AccessPoint | WAC6503D-S | 6.25(AASF.8) |
| AccessPoint | WAC6553D-E | 6.25(AASG.8) |
| AccessPoint | WAC6552D-S | 6.25(ABIO.8) |
| AccessPoint | WAX510D | 6.30(ABTF.3) |
| AccessPoint | WAX610D | 6.30(ABTE.3) |
| AccessPoint | WAX630S | 6.30(ABZD.3) |
| AccessPoint | WAX650S | 6.30(ABRM.3) |
We hope this post would help you know how to fix these critical flaws found in Zyxel products. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
- April 18, 2024
Learn Something New with Free Email subscription
Learn Something New with Free Email subscription
Subscribe
Subscribe
Subscribe
Subscribe
- April 18, 2024
