Guard against “Misfortune Cookie” vulnerability

New vulnerability allowing remote manipulation of CPE, and Zyxel's solution

A vulnerability that allows an intruder to remotely take administrative control of customer premises equipment (CPE) was disclosed in December 2014. CVE-2014-9222* and CVE-2014-9223*, known together as the "Misfortune Cookie" vulnerability, are weaknesses in the embedded web management server of residential CPE. Because the gateway sits between the Internet and the home or office network, a compromised gateway also exposes the devices connected behind it to attacks such as data theft or malware infection.

Zyxel is aware of the vulnerability. Of the Zyxel models named in the disclosure, only a limited number are affected, and firmware updates for those models are released on the dates shown in the table below. Several of the named models have already received a firmware update containing the fix, while the majority have reached end-of-life status.

Below is a list of current Zyxel models on the market and whether each one is affected by the newly disclosed vulnerability. We recommend that customers update the product firmware to its latest version, which closes these issues on the affected models and reduces exposure to other remote attacks.

*CVE-2014-9222 is an authentication bypass: a remote, unauthenticated attacker sends a crafted HTTP cookie that corrupts the web server's memory and thereby gains administrative privileges on the device.

*CVE-2014-9223 is a buffer overflow: a remote, unauthenticated attacker sends a crafted request that overruns a fixed-size buffer in the web server, causing a denial of service.
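To make the "crafted cookie corrupts memory" mechanism concrete, the following is an added illustration in C of the bug class behind the two CVEs above. It is not Zyxel's firmware code and not the source of any real embedded web server; the `struct session` layout, the `C<n>=<value>` cookie naming, the slot count of 10 and the 40-byte value size are assumptions chosen only to show the problem. The vulnerable store function trusts the attacker-chosen slot number as an array index and copies with no length limit, so a cookie named C10 lands exactly on the `is_admin` flag that follows the cookie table; the fixed version bounds-checks both the index and the length.

```c
/* Added illustration of the "Misfortune Cookie" bug class: a cookie parser
 * that trusts an attacker-chosen slot index. Not Zyxel's or any real
 * embedded web server's code; the struct layout and sizes are assumed. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define COOKIE_SLOTS     10   /* assumed: fixed table of C0..C9 cookie slots */
#define COOKIE_VALUE_LEN 40   /* assumed: bytes per stored cookie value */

struct session {
    char cookie[COOKIE_SLOTS][COOKIE_VALUE_LEN];
    int  is_admin;   /* assumed layout: sits right after the cookie table */
};

/* Parse a "C<n>=<value>" cookie header. Returns the slot number n (>= 0)
 * and points *value at the text after '=', or returns -1 if malformed. */
static int parse_slot(const char *hdr, const char **value)
{
    char *end;
    long n;

    if (hdr[0] != 'C')
        return -1;
    n = strtol(hdr + 1, &end, 10);
    if (end == hdr + 1 || *end != '=' || n < 0 || n > 1000000)
        return -1;           /* no digits, no '=', negative or absurd index */
    *value = end + 1;
    return (int)n;
}

/* VULNERABLE (CVE-2014-9222 class): the slot number comes straight from the
 * request and is used as an array index with no bounds check, and strcpy
 * imposes no length limit (CVE-2014-9223 class). A cookie "C10=..." writes
 * past the table into is_admin; "C0=" with a long value overruns the slot. */
void store_cookie_vulnerable(struct session *s, const char *hdr)
{
    const char *value;
    int n = parse_slot(hdr, &value);

    if (n < 0)
        return;
    strcpy(s->cookie[n], value);   /* out-of-bounds write when n >= COOKIE_SLOTS */
}

/* FIXED: reject slot numbers outside the table and values that do not fit.
 * Returns 1 if the cookie was stored, 0 if it was rejected. */
int store_cookie_fixed(struct session *s, const char *hdr)
{
    const char *value;
    int n = parse_slot(hdr, &value);
    size_t len;

    if (n < 0 || n >= COOKIE_SLOTS)
        return 0;
    len = strlen(value);
    if (len >= COOKIE_VALUE_LEN)   /* leave room for the terminating NUL */
        return 0;
    memcpy(s->cookie[n], value, len + 1);
    return 1;
}

/* Byte offset from the start of struct session at which the vulnerable
 * function would write this cookie's value, or -1 if malformed. Lets the
 * reader see where a crafted index lands without performing the
 * out-of-bounds write itself. */
long cookie_write_offset(const char *hdr)
{
    const char *value;
    int n = parse_slot(hdr, &value);

    if (n < 0)
        return -1;
    return (long)n * COOKIE_VALUE_LEN;
}

int main(void)
{
    /* Constructed sample cookies: one benign, one crafted to hit is_admin. */
    const char *benign  = "C3=sessionvalue";
    const char *crafted = "C10=admin";
    struct session s;

    memset(&s, 0, sizeof s);
    printf("is_admin lives at offset %zu\n", offsetof(struct session, is_admin));
    printf("%s would write at offset %ld\n", benign, cookie_write_offset(benign));
    printf("%s would write at offset %ld\n", crafted, cookie_write_offset(crafted));
    printf("fixed parser accepts benign cookie: %d\n", store_cookie_fixed(&s, benign));
    printf("fixed parser accepts crafted cookie: %d\n", store_cookie_fixed(&s, crafted));
    return 0;
}
```

The point of `cookie_write_offset` is that the damage is fully determined by the attacker-controlled number in the cookie name: with the assumed layout, C10 lands on `is_admin` and larger indices reach anything else past the table, which is why an unauthenticated request can turn into administrative access. A firmware update that fixes this has to validate the index and the length exactly as `store_cookie_fixed` does; there is no way to reach the bug through a password check, because the parse happens before authentication.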

 

On-market products
Product   Model Name          CVE-2014-9222 Affected   CVE-2014-9223 Affected   Latest Patch Update (firmware release date, YYYY/MM/DD)
COE       IES1248-51          Yes                      Yes                      2015/01/13
DSL CPE   P-660R-T1/T3 v3s    No                       Yes                      2015/03/31
DSL CPE   P-660RU-T1/T3 v3s   No                       Yes                      2015/03/31
DSL CPE   P-660HN-T1/T3A      No                       Yes                      2015/03/31
DSL CPE   P-660HN-T1A v2      No                       Yes                      2015/03/31
DSL CPE   AMG1202-T10A        No                       Yes                      2015/03/31
DSL CPE   AMG1202-T10B        No                       Yes                      2015/01/30
DSL CPE   AMG1302-T10A        No                       Yes                      2015/03/31
DSL CPE   AMG1302-T10B        No                       Yes                      2015/01/30
DSL CPE   AMG1312-T10B        No                       Yes                      2015/01/30

End-of-life products

*The models below have reached end-of-life and are not scheduled to receive a firmware update for these issues. Until such a device is replaced, do not expose its web management interface to the WAN. Please contact your local sales/service representative if you require any assistance.

Product          Model Name                    Status
Modem            OMNI ADSL LAN EE (Annex A)    End-of-life
Gateway/Router   P202H DSS1                    End-of-life
Gateway/Router   P653HWI-11                    End-of-life
Gateway/Router   P653HWI-13                    End-of-life
Gateway/Router   P-660H-T1 v3s                 End-of-life
Gateway/Router   P-660R-T1                     End-of-life
Gateway/Router   P-660R-T1 v3                  End-of-life
Gateway/Router   P-660R-T3 v3                  End-of-life
Gateway/Router   P-660RU-T1                    End-of-life
Gateway/Router   P-660RU-T1 v3                 End-of-life
Gateway/Router   Prestige 623ME-T1             End-of-life
Gateway/Router   Prestige 623ME-T3             End-of-life
Gateway/Router   Prestige 623R-A1              End-of-life
Gateway/Router   Prestige 623R-T1              End-of-life
Gateway/Router   Prestige 623R-T3              End-of-life
Gateway/Router   Prestige 645                  End-of-life
Gateway/Router   Prestige 645R-A1              End-of-life
Gateway/Router   Prestige 650                  End-of-life
Gateway/Router   Prestige 650H/HW-31           End-of-life
Gateway/Router   Prestige 650H/HW-33           End-of-life
Gateway/Router   Prestige 650H-17              End-of-life
Gateway/Router   Prestige 650H-E1              End-of-life
Gateway/Router   Prestige 650H-E3              End-of-life
Gateway/Router   Prestige 650H-E7              End-of-life
Gateway/Router   Prestige 650HW-11             End-of-life
Gateway/Router   Prestige 650HW-13             End-of-life
Gateway/Router   Prestige 650HW-31             End-of-life
Gateway/Router   Prestige 650HW-33             End-of-life
Gateway/Router   Prestige 650HW-37             End-of-life
Gateway/Router   Prestige 650R-11              End-of-life
Gateway/Router   Prestige 650R-13              End-of-life
Gateway/Router   Prestige 650R-31              End-of-life
Gateway/Router   Prestige 650R-33              End-of-life
Gateway/Router   Prestige 650R-E1              End-of-life
Gateway/Router   Prestige 650R-E3              End-of-life
Gateway/Router   Prestige 650R-T3              End-of-life
Gateway/Router   Prestige 652H/HW-31           End-of-life
Gateway/Router   Prestige 652H/HW-33           End-of-life
Gateway/Router   Prestige 652H/HW-37           End-of-life
Gateway/Router   Prestige 652R-11              End-of-life
Gateway/Router   Prestige 652R-13              End-of-life
Gateway/Router   Prestige 660H-61              End-of-life
Gateway/Router   Prestige 660HW-61             End-of-life
Gateway/Router   Prestige 660HW-67             End-of-life
Gateway/Router   Prestige 660R-61              End-of-life
Gateway/Router   Prestige 660R-61C             End-of-life
Gateway/Router   Prestige 660R-63              End-of-life
Gateway/Router   Prestige 660R-63/67           End-of-life
Gateway/Router   Prestige 791R                 End-of-life
Gateway/Router   Prestige 792H                 End-of-life

Products misattributed to Zyxel in the disclosure*

*The original vulnerability disclosure incorrectly listed the models below, which are made by other manufacturers, as Zyxel products. They are not Zyxel devices.

Model Name
AAM6000EV/Z2
AAM6010EV
AAM6010EV/Z2
AAM6010EV-Z2
AAM6020BI
AAM6020BI-Z2
AAM6020VI/Z2