Zyxel security advisory for command injection and buffer overflow vulnerabilities of CPE, fiber ONTs, and WiFi extenders

CVEs: CVE-2022-43389, CVE-2022-43390, CVE-2022-43391, CVE-2022-43392

Summary

Zyxel is aware of multiple vulnerabilities reported by Positive Technologies and advises customers to install the applicable firmware updates for optimal protection.

 

What are the vulnerabilities?

  • CVE-2022-43389

    A buffer overflow vulnerability in the library of the web server in some 5G NR/4G LTE CPE devices, which could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. Note that the WAN access is disabled by default on most devices.

  • CVE-2022-43390

    A command injection vulnerability in the CGI program of some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, and WiFi extender devices, which could allow a remote authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. Note that the WAN access is disabled by default on most devices.

  • CVE-2022-43391

    A buffer overflow vulnerability in the parameter of the CGI program in some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, and WiFi extender devices, which could allow a remote authenticated attacker to cause DoS conditions by sending a crafted HTTP request. Note that the WAN access is disabled by default on most devices.

  • CVE-2022-43392

    A buffer overflow vulnerability in the parameter of web server in some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, and WiFi extender devices, which could allow a remote authenticated attacker to cause DoS conditions by sending a crafted authorization request. Note that the WAN access is disabled by default on most devices.

 

What versions are vulnerable—and what should you do?

After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period and released updates to address the vulnerabilities, as shown in the following tables.

keyboard_arrow_downModels affected by CVE-2022-43389
Affected series/modelsPatch available in
5G NR/4G LTE CPE
LTE3202-M437V1.00(ABWF.1)C0
LTE3316-M604V2.00(ABMP.6)C0
LTE7480-M804V1.00(ABRA.6)C0
LTE7490-M904V1.00(ABQY.5)C0
NR5103V4.19(ABYC.3)C0
NR5103EHotfix available now
Standard firmware V1.00(ACDJ.0)C0 in Apr. 2023
NR7101V1.00(ABUV.7C0)
NR7102V1.00(ABYD.2)C0
NR7103V1.00(ACCZ.1)C0
Fiber ONT
EP240PHotfix available now
Standard firmware TBD
PM7320-B0Hotfix available now
Standard firmware TBD
PMG5317-T20BHotfix available now
Standard firmware TBD
PMG5617GAHotfix available now
Standard firmware TBD
PMG5622GAHotfix available now
Standard firmware TBD
keyboard_arrow_downModels affected by CVE-2022-43390
Affected series/modelsPatch available in
5G NR/4G LTE CPE
LTE7480-M804V1.00(ABRA.6)C0
LTE7490-M904V1.00(ABQY.5)C0
NR5101V1.00(ABVC.6)C0
NR7101V1.00(ABUV.7C0)
NR7102V1.00(ABYD.2)C0
DSL/Ethernet CPE
DX3301-T0Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
DX4510-B1Hotfix available now
Standard firmware V5.17(ABYL.5)C0 in Jun. 2023
DX5401-B0Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EMG3525-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5523-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5723-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
EX3301-T0Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
EX3510-B0V5.17(ABUP.7)C0
EX5401-B0Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EX5501-B0Hotfix available now
Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023
EX5510-B0V5.17(ABQX.7)C0
EX5512-T0Hotfix available now
Standard firmware TBD
EX5600-T1Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T0Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T1Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
VMG3927-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
VMG4005-B50AHotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG4005-B60AHotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG8623-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
VMG8825-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
Fiber ONT
AX7501-B0Hotfix available now
Standard firmware V5.17(ABPC.3)C0 in Feb. 2023
PM3100-T0Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM5100-T0Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM7300-T0Hotfix available now
Standard firmware V5.42(ABYY.1)C0 in Feb. 2023
PM7320-B0Hotfix available now
Standard firmware TBD
PMG5317-T20BHotfix available now
Standard firmware TBD
PMG5617-T20B2Hotfix available now
Standard firmware TBD
PMG5617GAHotfix available now
Standard firmware TBD
PMG5622GAHotfix available now
Standard firmware TBD
WiFi extender
WX3100-T0Hotfix available now
Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023
WX3401-B0Hotfix available now
Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023
WX5600-T0Hotfix available now
Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023
keyboard_arrow_downModels affected by CVE-2022-43391
Affected series/modelsPatch available in
5G NR/4G LTE CPE
LTE3301-PLUSHotfix available now
Standard firmware V1.00(ABQU.5)C0 in Feb. 2023
LTE5388-M804Hotfix available now
Standard firmware V1.00(ABSQ.4)C0 in Apr. 2023
LTE5398-M904Hotfix available now
Standard firmware V1.00(ABQV.3)C0 in Apr. 2023
LTE7240-M403Hotfix available now
Standard firmware V2.00(ABMG.6)C0 in May 2023
LTE7461-M602Hotfix available now
Standard firmware V2.00(ABQN.6)C0 in May 2023
LTE7480-M804V1.00(ABRA.6)C0
LTE7480-S905Hotfix available now
Standard firmware V1.00(ABVN.6)C0 in May 2023
LTE7485-S905Hotfix available now
Standard firmware V2.00(ABQT.6)C0 in May 2023
LTE7490-M904V1.00(ABQY.5)C0
NR5101V1.00(ABVC.6)C0
NR7101V1.00(ABUV.7C0)
NR7102V1.00(ABYD.2)C0
DSL/Ethernet CPE
DX3301-T0Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
DX4510-B1Hotfix available now
Standard firmware V5.17(ABYL.5)C0 in Jun. 2023
DX5401-B0Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EMG3525-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5523-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5723-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
EX3301-T0Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
EX3510-B0V5.17(ABUP.7)C0
EX5401-B0Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EX5501-B0Hotfix available now
Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023
EX5510-B0V5.17(ABQX.7)C0
EX5512-T0Hotfix available now
Standard firmware TBD
EX5600-T1Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T0Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T1Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
VMG3927-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
VMG4005-B50AHotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG4005-B60AHotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG8623-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
VMG8825-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
Fiber ONT
AX7501-B0Hotfix available now
Standard firmware V5.17(ABPC.3)C0 in Feb. 2023
PM3100-T0Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM5100-T0Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM7300-T0Hotfix available now
Standard firmware V5.42(ABYY.1)C0 in Feb. 2023
PM7320-B0Hotfix available now
Standard firmware TBD
PMG5317-T20BHotfix available now
Standard firmware TBD
PMG5617-T20B2Hotfix available now
Standard firmware TBD
PMG5617GAHotfix available now
Standard firmware TBD
PMG5622GAHotfix available now
Standard firmware TBD
WiFi extender
WX3100-T0Hotfix available now
Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023
WX3401-B0Hotfix available now
Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023
WX5600-T0Hotfix available now
Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023
keyboard_arrow_downModels affected by CVE-2022-43392
Affected series/modelsPatch available in
5G NR/4G LTE CPE
LTE3301-PLUSHotfix available now
Standard firmware V1.00(ABQU.5)C0 in Feb. 2023
LTE5388-M804Hotfix available now
Standard firmware V1.00(ABSQ.4)C0 in Apr. 2023
LTE5398-M904Hotfix available now
Standard firmware V1.00(ABQV.3)C0 in Apr. 2023
LTE7240-M403Hotfix available now
Standard firmware V2.00(ABMG.6)C0 in May 2023
LTE7461-M602Hotfix available now
Standard firmware V2.00(ABQN.6)C0 in May 2023
LTE7480-M804V1.00(ABRA.6)C0
LTE7480-S905Hotfix available now
Standard firmware V1.00(ABVN.6)C0 in May 2023
LTE7485-S905Hotfix available now
Standard firmware V2.00(ABQT.6)C0 in May 2023
LTE7490-M904V1.00(ABQY.5)C0
NR5101V1.00(ABVC.6)C0
NR7101V1.00(ABUV.7C0)
NR7102V1.00(ABYD.2)C0
DSL/Ethernet CPE
DX3301-T0Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
DX4510-B1Hotfix available now
Standard firmware V5.17(ABYL.5)C0 in Jun. 2023
DX5401-B0Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EMG3525-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5523-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5723-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
EX3301-T0Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
EX3510-B0V5.17(ABUP.7)C0
EX5401-B0Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EX5501-B0Hotfix available now
Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023
EX5510-B0V5.17(ABQX.7)C0
EX5512-T0Hotfix available now
Standard firmware TBD
EX5600-T1Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T0Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T1Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
VMG3927-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
VMG4005-B50AHotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG4005-B60AHotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG8623-T50BHotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
VMG8825-T50KHotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
Fiber ONT
AX7501-B0Hotfix available now
Standard firmware V5.17(ABPC.3)C0 in Feb. 2023
PM3100-T0Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM5100-T0Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM7300-T0Hotfix available now
Standard firmware V5.42(ABYY.1)C0 in Feb. 2023
PM7320-B0Hotfix available now
Standard firmware TBD
PMG5317-T20BHotfix available now
Standard firmware TBD
PMG5617-T20B2Hotfix available now
Standard firmware TBD
PMG5617GAHotfix available now
Standard firmware TBD
PMG5622GAHotfix available now
Standard firmware TBD
WiFi extender
WX3100-T0Hotfix available now
Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023
WX3401-B0Hotfix available now
Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023
WX5600-T0Hotfix available now
Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023
*For the patch firmware without a download link, please reach out to your Zyxel sales representative or support team for the file.

 

Please note that the table does NOT include customized models for internet service providers (ISPs).

 

Got a question?

If you are an ISP with customized models, please contact your Zyxel sales or service representative for further information or assistance. For customers who acquired your Zyxel device from an ISP, please reach out to the ISP’s support team directly, as the device may have custom-built settings.

 

Acknowledgment

Thanks to Nikita Abramov from Positive Technologies for reporting the issues to us.

 

Revision history

2023-1-11: Initial release