Zyxel security advisory for WiFi simple config buffer overflow vulnerabilities

CVE: CVE-2021-35392, CVE-2021-35393

Summary

Zyxel is aware of two buffer overflow vulnerabilities in the WiFi Simple Config of Realtek’s Software Development Kit (SDK) for WiFi products and will release patches for the vulnerable products on the market. Users are advised to install the applicable firmware updates for optimal protection.

What are the vulnerabilities?

The first vulnerability is a stack buffer overflow that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. The second vulnerability is a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable products that are within their warranty and support period and will release firmware patches to address the issues, as shown in the table below.

Please note that the table does NOT include customized models for internet service providers (ISPs).

Affected series/models	Patch available in
WAP6804	V1.00 (ABKH.9)C0 in end of Oct. 2021*

*Please reach out to your local Zyxel support team for the file.

Got a question or a tipoff?

If you are an ISP with customized models, please contact your Zyxel sales or service representative for further information or assistance.

Acknowledgment

Thanks to IoT Inspector GmbH for reporting the issues to us.

Revision history

2021-08-16: Initial release

2021-08-26: Adjusted the patch plan of WAP6804

The company

News

Customer stories

Sustainability

Events

Awards

The Minimal Series

5G NR Solutions – Sweden ISP Three

Zyxel Communications achieves Wi-Fi Alliance’s Wi-Fi 7 certification

Security advisories

Multimedia

Partner portal

GPL-OSS software notice