Zyxel advisory for vulnerability CVE-2015-7547

 

CVE-2015-7547 is a stack-based buffer overflow in the GNU C Library (commonly known as glibc). The vulnerability could allow exploitation such as denial of service or remote code execution.

 

Are Zyxel products at risk?

After a thorough investigation of all Zyxel products, Zyxel has identified the affected products, listed in the table below, and assures customers that solutions to close the vulnerability are already available or in preparation.

 

What is Zyxel doing about it?

A hotfix is now available for several products through Zyxel Support. The patch will also be included in the next firmware releases for the affected products. The table below includes the solution and firmware release schedule for the affected products.

 

Affected products

| Product | Series/Model | Solution |
|---|---|---|
| Security Appliances | USG60W/60/40W/40, USG310/210/110, USG1900/1100, ZyWALL Series | Datecode available on Feb. 24. Patch in firmware ZLD4.15P1, available on Mar. 3. |
| Security Appliances | USG200/100-PLUS/100/50/20W/20, USG2000/1000/300 | Datecode available on Mar. 11. (Please contact your local Zyxel customer service directly.) |
| Commercial Gateways | UAG2100/4100 | Datecode available on Feb. 25. Patch in firmware ZLD4.10P2, available by end of April. |
| Commercial Gateways | UAG5100 | Datecode available on Feb. 26. Patch in firmware ZLD4.10P2, available by end of April. |
| WLAN Controllers | NXC | Patch in firmware 4.30, available in July. |
| Network Storage | NAS520/540/542 | Patch in firmware V5.11P2, available on Mar. 8. |
| Network Storage | NAS326 | Patch in firmware V5.11P3, available on Mar. 8. |
| LTE CPE | WAH7706 | Patch in firmware V1.00(ABBC.3)C0, available on Mar. 24. |

 

Please contact your local service or sales representatives if you require any further assistance.