Zyxel to fix SSH private key and certificate vulnerability

 

A recently discovered vulnerability, identified in advisory CVE-2015-7256, reveals a security issue with the non-unique certificates and SSH private keys used for authentication in networking products. Zyxel has investigated this vulnerability and has taken several steps to address it. Details are included below.

 

Are Zyxel products affected?

After a thorough investigation into all Zyxel products, the affected models have been identified and are listed in Table 1 below.

 

What is Zyxel doing about it?

Zyxel is now implementing fixes to replace the non-unique certificates and SSH private keys used in authentication with randomly generated ones. Software enhancements will be released shortly, as indicated in Table 1.

 

Any workarounds?

Zyxel suggests users take the following steps as good general security practice:

  1. Be alert for suspicious web links, advertisements and websites.
  2. Make sure all devices are running the most current firmware.

Please contact your local service professional for more information and assistance.

 

Table 1. Affected models

| Product | Model Name | Status |
|---|---|---|
| Access Point | NWA1100-N | Fix available in November 2015 (Datecode provided on demand) |
| Access Point | NWA1100-NH | Fix available in Oct 2016 (Datecode provided on demand) |
| Access Point | NWA1121-NI | Fix available in Oct 2016 (Datecode provided on demand) |
| Access Point | NWA1123-AC | Fix available in Oct 2016 (Datecode provided on demand) |
| Access Point | NWA1123-NI | Fix available in Oct 2016 (Datecode provided on demand) |
| DSL CPE | P-660HN-51 | Fix available in February 2016 |
| DSL CPE | P-663HN-51 | Fix available in February 2016 |
| DSL CPE | VMG1312-B10A | Fix available in February 2016 |
| DSL CPE | VMG1312-B30A | Fix available in February 2016 |
| DSL CPE | VMG1312-B30B | Fix available in February 2016 |
| DSL CPE | VMG4380-B10A | Fix available in February 2016 |
| DSL CPE | VMG8324-B10A | Fix available in February 2016 |
| DSL CPE | VMG8924-B10A | Fix available in February 2016 |
| DSL CPE | VMG8924-B30A | Fix available in February 2016 |
| DSL CPE | VSG1435-B101 | Fix available in February 2016 |
| GPON | PMG5318-B20A | Fix available in December 2016 |
| Small Business Gateway | SBG3300-N000 | Fix available now (Datecode provided on demand) |
| Small Business Gateway | SBG3300-NB00 | Fix available now (Datecode provided on demand) |
| Small Business Gateway | SBG3500-N000 | Fix available now (Datecode provided on demand) |
| Small Business Gateway | SBG3500-N000 | Fix available now (Datecode provided on demand) |
| Switch | GS1900-8 | Fix available in November 2015 |
| Switch | GS1900-24 | Fix available in November 2015 |
| Project Model | C1000Z | Customized model for internet service providers (ISPs). |
| Project Model | Q1000 | Customized model for internet service providers (ISPs). |
| Project Model | FR1000Z | Customized model for internet service providers (ISPs). |
| Project Model | P8702N | Customized model for internet service providers (ISPs). |