CVE-2022-0823: Zyxel security advisory for password guessing vulnerability of GS1200 series switches


CVE: CVE-2022-0823

Summary

Zyxel is aware that GS1200 series switches are vulnerable to password-guessing attacks. Users are advised to install the applicable updates for optimal protection.

What is the vulnerability?

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released hotfixes, and will release patches to address the issue, as shown in the table below.

| Affected model | Patch availability (Hotfix / Standard firmware) |
|---|---|
| GS1200-5 | V2.00(ABKM.2) in Nov. 2022 |
| GS1200-5HP | V2.00(ABKN.2) in Nov. 2022 |
| GS1200-8 | V2.00(ABME.2) in Nov. 2022 |
| GS1200-8HP | V2.00(ABMF.2) in Nov. 2022 |

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgment

Thanks to Lars Haulin for reporting the issue to us.

Revision history

2022-06-07: Initial release
