Zyxel security advisory for remote code execution and denial-of-service vulnerabilities of CPE

Summary

Zyxel has released firmware updates for RCE and DoS vulnerabilities affecting some CPE models. Customers are advised to install the updates for optimal protection.

What's the vulnerability?

Remote code execution and denial-of-service vulnerabilities caused by the improper input sanitization of HTTP requests were identified in the zhttpd webserver on some Zyxel CPE.

What products are vulnerable—and what should you do?

After a thorough investigation, we have identified the vulnerable CPE that are within their warranty and support period and are releasing firmware patches to address the issue, as shown in the table below.

Please note that the table does NOT include customized models for internet service providers (ISPs). For ISP customers, please contact your Zyxel representative for further details. For users who purchased the listed devices on their own, please contact your local Zyxel support team for the new firmware file to ensure optimal protection.

Affected models        Patch available in
EMG3525-T50B           • EMEA – V5.50(ABPM.4)C0 in Dec 2020
                       • AM – V5.50(ABSL.0)b8 in Jan 2021
EMG5523-T50B           • EMEA – V5.50(ABPM.4)C0 in Dec 2020
                       • AM – V5.50(ABSL.0)b8 in Jan 2021
EMG5723-T50K           V5.50(ABOM.5)C0 in Dec 2020
EMG6726-B10A           V5.13 (ABNP.6).C0 in Feb 2021
EX3510-B0              V5.17(ABUP.3)C0 in Mar 2021
EX5510-B0              V5.15(ABQX.3)C0 in Jan 2021
VMG1312-T20B           V5.50(ABSB.3)C0 in Dec 2020
VMG3625-T50B           V5.50(ABPM.4)C0 in Dec 2020
VMG3925-B10B/B10C      V5.13(AAVF.16)C0 in Dec 2020
VMG3927-B50A_B60A      V5.15(ABMT.5)C0 in Dec 2020
VMG3927-B50B           V5.13(ABLY.6)C0 in Feb 2021
VMG3927-T50K           V5.50(ABOM.5)C0 in Dec 2020
VMG4005-B50B           V5.13(ABRL.5)C0 in Q3 2021
VMG4927-B50A           V5.13(ABLY.6)C0 in Feb 2021
VMG8623-T50B           V5.50(ABPM.4)C0 in Dec 2020
VMG8825-B50A_B60A      V5.15(ABMT.5)C0 in Dec 2020
VMG8825-Bx0B           V5.17(ABNY.5)C0 in Dec 2020
VMG8825-T50K           V5.50(ABOM.5)C0 in Dec 2020
VMG8924-B10D           V5.13(ABGQ.6)C0 in Dec 2020
XMG3927-B50A           V5.15(ABMT.5)C0 in Dec 2020
XMG8825-B50A           V5.15(ABMT.5)C0 in Dec 2020
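For administrators who manage a fleet of the listed CPE, the practical question is whether each device already runs the patched firmware from the table above. The following script is an added example written for this advisory; it is not Zyxel tooling. It parses Zyxel-style version strings and compares an installed version against the table entry for the same model and firmware branch. Everything beyond the table values is an assumption of the example: the version layout V<major>.<minor>(<board code>.<release>)<build>, the rule that the board code inside the parentheses identifies the regional branch (ABPM for EMEA, ABSL for AM on the EMG models), the ordering of build suffixes such as b8 and C0, and the function names (parse_version, check_device, check_inventory). The sample inventory at the bottom is constructed, not real device data.

```python
# Inventory check against the patched-firmware table of the Zyxel CPE advisory.
# Example code added to the advisory, not Zyxel's own tooling; version layout
# and comparison rules are assumptions, the fixed versions come from the table.
import re
from typing import Dict, Iterable, List, NamedTuple, Tuple

# Assumed layout: V<major>.<minor>(<board code>.<release>)<build>, e.g. "V5.50(ABPM.4)C0".
# Whitespace and a stray dot before the build are tolerated so that the table
# entry "V5.13 (ABNP.6).C0" parses the same way as "V5.13(ABNP.6)C0".
_VERSION_RE = re.compile(
    r"^\s*V?(?P<major>\d+)\.(?P<minor>\d+)\s*"
    r"\(\s*(?P<board>[A-Za-z]+)\.(?P<release>\d+)\s*\)"
    r"\.?\s*(?P<build>[A-Za-z]\d+)?\s*$"
)


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    board: str
    release: int
    build: str  # "" when the string carries no build suffix


def parse_version(text: str) -> FirmwareVersion:
    """Parse a Zyxel-style firmware version string; ValueError on an unknown layout."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognized firmware version string: {text!r}")
    return FirmwareVersion(int(m["major"]), int(m["minor"]), m["board"].upper(),
                           int(m["release"]), m["build"] or "")


def _order_key(v: FirmwareVersion) -> Tuple[int, int, int, str, int]:
    # Assumption: at equal release number, builds are ordered by build letter
    # (case-insensitive) and then build number, so "b8" sorts before "C0".
    letter, number = (v.build[0].upper(), int(v.build[1:])) if v.build else ("", -1)
    return (v.major, v.minor, v.release, letter, number)


# Patched versions per model, copied from the advisory table. Models with regional
# builds carry one entry per firmware branch; the board code selects the branch.
FIXED_VERSIONS: Dict[str, List[str]] = {
    "EMG3525-T50B": ["V5.50(ABPM.4)C0", "V5.50(ABSL.0)b8"],
    "EMG5523-T50B": ["V5.50(ABPM.4)C0", "V5.50(ABSL.0)b8"],
    "EMG5723-T50K": ["V5.50(ABOM.5)C0"],
    "EMG6726-B10A": ["V5.13 (ABNP.6).C0"],
    "EX3510-B0": ["V5.17(ABUP.3)C0"],
    "EX5510-B0": ["V5.15(ABQX.3)C0"],
    "VMG1312-T20B": ["V5.50(ABSB.3)C0"],
    "VMG3625-T50B": ["V5.50(ABPM.4)C0"],
    "VMG3925-B10B/B10C": ["V5.13(AAVF.16)C0"],
    "VMG3927-B50A_B60A": ["V5.15(ABMT.5)C0"],
    "VMG3927-B50B": ["V5.13(ABLY.6)C0"],
    "VMG3927-T50K": ["V5.50(ABOM.5)C0"],
    "VMG4005-B50B": ["V5.13(ABRL.5)C0"],
    "VMG4927-B50A": ["V5.13(ABLY.6)C0"],
    "VMG8623-T50B": ["V5.50(ABPM.4)C0"],
    "VMG8825-B50A_B60A": ["V5.15(ABMT.5)C0"],
    "VMG8825-Bx0B": ["V5.17(ABNY.5)C0"],
    "VMG8825-T50K": ["V5.50(ABOM.5)C0"],
    "VMG8924-B10D": ["V5.13(ABGQ.6)C0"],
    "XMG3927-B50A": ["V5.15(ABMT.5)C0"],
    "XMG8825-B50A": ["V5.15(ABMT.5)C0"],
}


def check_device(model: str, installed: str) -> str:
    """Classify a device as 'patched', 'vulnerable', 'unknown-model' or 'unknown-branch'."""
    if model not in FIXED_VERSIONS:
        return "unknown-model"  # not in the table (e.g. ISP-customized or out of scope)
    have = parse_version(installed)
    for fixed_text in FIXED_VERSIONS[model]:
        fixed = parse_version(fixed_text)
        if fixed.board == have.board:
            return "patched" if _order_key(have) >= _order_key(fixed) else "vulnerable"
    return "unknown-branch"  # board code not listed for this model: ask the vendor


def check_inventory(rows: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Run check_device over (model, installed version) pairs."""
    return {f"{model} {version}": check_device(model, version) for model, version in rows}


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    ("VMG8825-Bx0B", "V5.17(ABNY.4)C0"),   # one release behind the fix
    ("VMG8825-Bx0B", "V5.17(ABNY.5)C0"),   # exactly the fixed version
    ("EMG3525-T50B", "V5.50(ABSL.0)b8"),   # AM branch, fixed beta build
    ("EMG3525-T50B", "V5.50(ABPM.3)C0"),   # EMEA branch, one release behind
    ("EMG6726-B10A", "V5.13(ABNP.6)C0"),   # matches the oddly formatted table entry
    ("EMG3525-T50B", "V5.50(ZZZZ.9)C0"),   # constructed board code not in the table
    ("EXAMPLE-MODEL", "V1.00(ABCD.1)C0"),  # placeholder model not in the advisory
]

if __name__ == "__main__":
    for key, status in check_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:15} {key}")
```

Devices reported as unknown-branch or unknown-model fall under the advisory's ISP-customized case and need confirmation from the Zyxel representative rather than a guess; the script deliberately refuses to compare across board codes for that reason.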

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact security@zyxel.com.tw and we’ll get right back to you.

Acknowledgment

Thanks to Thomas Rinsma for reporting the issues to us.

Revision history

2020-12-17: Initial release
2021-01-29: Updated the patch firmware version of VMG8825-Bx0B