Positive Technologies helps fix vulnerabilities in routers and other Zyxel devices

To fix vulnerabilities, install new firmware on your equipment

Zyxel eliminated four vulnerabilities discovered by Positive Technologies expert Nikita Abramov in several series of Wi-Fi routers. The routers work on 4G and 5G networks.

The vulnerable routers are used in homes, companies, remote offices, and on production sites. The vulnerabilities affected other Zyxel network devices as well, including optical network terminals, Internet gateways, and Wi-Fi amplifiers.

In particular, flaws were discovered in the following devices:

  • 4G LTE CPE routers: LTE3202-M437, LTE3316-M604, LTE7480-M804, LTE490-M904
  • 5G NR routers: NR5103, NR5103E, NR7101, NR7102, NR7103
  • Optical network terminals (PM7320-B0 and others), Internet gateways (EX5510-B0 and others), and Wi-Fi amplifiers (WX3100-T0 and others)

Nikita Abramov explained: "Among the detected vulnerabilities, the most interesting one was CVE-2022-43389 (CVSS v3.0 score of 8.6) related to buffer overflow. It did not require authentication to be exploited and led to arbitrary code execution on the device. As a result, an attacker could gain remote access to the device and fully control its operation. Transmitted traffic was particularly at risk. In addition, there was a possibility to instigate a denial-of-service attack that could shut down the target’s connection."

Two other vulnerabilities, CVE-2022-43391 (score 7.1) and CVE-2022-43392 (score 7.1), allowed attackers to inject system commands on behalf of an authenticated user: some system commands could be executed on a vulnerable device by sending an HTTP request. Another vulnerability, CVE-2022-43390 (score 5.4), was also related to buffer overflow. During the investigation, search engines were finding vulnerable Zyxel devices mostly in South Africa and Europe.

According to the researcher, many buffer overflow vulnerabilities arise from incorrect handling of memory (bad allocation or size calculation) or at the data parsing stage, while command execution becomes possible when certain special characters are not filtered. Such flaws often arise from developer negligence or insufficient testing. To avoid them, it is necessary to use source code testing and analysis tools during development.

To fix the vulnerabilities, update your device firmware according to the manufacturer's recommendations described in the security notice. The company stresses that on most of the vulnerable devices access to global networks is disabled by default, which provides additional protection.