Headline
CVE-2022-43392: Zyxel security advisory for command injection and buffer overflow vulnerabilities of CPE, fiber ONTs, and WiFi extenders | Zyxel Networks
A buffer overflow vulnerability in the parameter of web server in Zyxel Nebula NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
CVE: CVE-2022-43389, CVE-2022-43390, CVE-2022-43391, CVE-2022-43392****Summary
Zyxel is aware of multiple vulnerabilities reported by Positive Technologies and advises users to install the applicable firmware updates for optimal protection.
What are the vulnerabilities?
CVE-2022-43389
A buffer overflow vulnerability in the library of the web server in some 5G NR/4G LTE CPE devices, which could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. Note that the WAN access is disabled by default on most devices.
CVE-2022-43390
A command injection vulnerability in the CGI program of some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, and WiFi extender devices, which could allow a remote authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. Note that the WAN access is disabled by default on most devices.
CVE-2022-43391
A buffer overflow vulnerability in the parameter of the CGI program in some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, and WiFi extender devices, which could allow a remote authenticated attacker to cause DoS conditions by sending a crafted HTTP request. Note that the WAN access is disabled by default on most devices.
CVE-2022-43392
A buffer overflow vulnerability in the parameter of web server in some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, and WiFi extender devices, which could allow a remote authenticated attacker to cause DoS conditions by sending a crafted authorization request. Note that the WAN access is disabled by default on most devices.
What versions are vulnerable—and what should you do?
After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period and released updates to address the vulnerabilities, as shown in the following tables.
Product
Affected model
Patch availability*
5G NR/4G LTE CPE
LTE3202-M437
V1.00(ABWF.1)C0
LTE3316-M604
V2.00(ABMP.6)C0
LTE7480-M804
V1.00(ABRA.6)C0
LTE7490-M904
V1.00(ABQY.5)C0
Nebula FWA510
V1.15(ACGD.3)C0
Nebula FWA710
V1.15(ACGC.3)C0
Nebula NR7101
V1.15(ACCC.3)C0
NR5103
V4.19(ABYC.3)C0
NR5103E
Hotfix available now
Standard firmware V1.00(ACDJ.0)C0 in Apr. 2023
NR7101
V1.00(ABUV.7)C0
NR7102
V1.00(ABYD.2)C0
NR7103
V1.00(ACCZ.1)C0
Fiber ONT
EP240P
Hotfix available now
Standard firmware TBD
PM7320-B0
Hotfix available now
Standard firmware TBD
PMG5317-T20B
Hotfix available now
Standard firmware TBD
PMG5617GA
Hotfix available now
Standard firmware TBD
PMG5622GA
Hotfix available now
Standard firmware TBD
Product
Affected model
Patch availability*
5G NR/4G LTE CPE
LTE7480-M804
V1.00(ABRA.6)C0
LTE7490-M904
V1.00(ABQY.5)C0
Nebula NR5101
V1.15(ACCG.3)C0
Nebula NR7101
V1.15(ACCC.3)C0
NR5101
V1.00(ABVC.6)C0
NR7101
V1.00(ABUV.7)C0
NR7102
V1.00(ABYD.2)C0
DSL/Ethernet CPE
DX3301-T0
Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
DX4510-B1
Hotfix available now
Standard firmware V5.17(ABYL.5)C0 in Jun. 2023
DX5401-B0
Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EMG3525-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5523-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5723-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
EX3301-T0
Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
EX3510-B0
V5.17(ABUP.7)C0
EX5401-B0
Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EX5501-B0
Hotfix available now
Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023
EX5510-B0
V5.17(ABQX.7)C0
EX5512-T0
Hotfix available now
Standard firmware TBD
EX5600-T1
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T0
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T1
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
VMG3927-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
VMG4005-B50A
Hotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG4005-B60A
Hotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG8623-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
VMG8825-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
Fiber ONT
AX7501-B0
Hotfix available now
Standard firmware V5.17(ABPC.3)C0 in Feb. 2023
PM3100-T0
Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM5100-T0
Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM7300-T0
Hotfix available now
Standard firmware V5.42(ABYY.1)C0 in Feb. 2023
PM7320-B0
Hotfix available now
Standard firmware TBD
PMG5317-T20B
Hotfix available now
Standard firmware TBD
PMG5617-T20B2
Hotfix available now
Standard firmware TBD
PMG5617GA
Hotfix available now
Standard firmware TBD
PMG5622GA
Hotfix available now
Standard firmware TBD
WiFi extender
WX3100-T0
Hotfix available now
Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023
WX3401-B0
Hotfix available now
Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023
WX5600-T0
Hotfix available now
Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023
Product
Affected model
Patch availability*
5G NR/4G LTE CPE
LTE3301-PLUS
Hotfix available now
Standard firmware V1.00(ABQU.5)C0 in Feb. 2023
LTE5388-M804
Hotfix available now
Standard firmware V1.00(ABSQ.4)C0 in Apr. 2023
LTE5398-M904
Hotfix available now
Standard firmware V1.00(ABQV.3)C0 in Apr. 2023
LTE7240-M403
Hotfix available now
Standard firmware V2.00(ABMG.6)C0 in May 2023
LTE7461-M602
Hotfix available now
Standard firmware V2.00(ABQN.6)C0 in May 2023
LTE7480-M804
V1.00(ABRA.6)C0
LTE7480-S905
Hotfix available now
Standard firmware V1.00(ABVN.6)C0 in May 2023
LTE7485-S905
Hotfix available now
Standard firmware V2.00(ABQT.6)C0 in May 2023
LTE7490-M904
V1.00(ABQY.5)C0
Nebula LTE3301-PLUS
V1.15(ACCA.3)C0
Nebula LTE7461-M602
V1.15(ACEV.3)C0
Nebula NR5101
V1.15(ACCG.3)C0
Nebula NR7101
V1.15(ACCC.3)C0
NR5101
V1.00(ABVC.6)C0
NR7101
V1.00(ABUV.7)C0
NR7102
V1.00(ABYD.2)C0
DSL/Ethernet CPE
DX3301-T0
Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
DX4510-B1
Hotfix available now
Standard firmware V5.17(ABYL.5)C0 in Jun. 2023
DX5401-B0
Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EMG3525-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5523-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5723-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
EX3301-T0
Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
EX3510-B0
V5.17(ABUP.7)C0
EX5401-B0
Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EX5501-B0
Hotfix available now
Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023
EX5510-B0
V5.17(ABQX.7)C0
EX5512-T0
Hotfix available now
Standard firmware TBD
EX5600-T1
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T0
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T1
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
VMG3927-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
VMG4005-B50A
Hotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG4005-B60A
Hotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG8623-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
VMG8825-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
Fiber ONT
AX7501-B0
Hotfix available now
Standard firmware V5.17(ABPC.3)C0 in Feb. 2023
PM3100-T0
Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM5100-T0
Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM7300-T0
Hotfix available now
Standard firmware V5.42(ABYY.1)C0 in Feb. 2023
PM7320-B0
Hotfix available now
Standard firmware TBD
PMG5317-T20B
Hotfix available now
Standard firmware TBD
PMG5617-T20B2
Hotfix available now
Standard firmware TBD
PMG5617GA
Hotfix available now
Standard firmware TBD
PMG5622GA
Hotfix available now
Standard firmware TBD
WiFi extender
WX3100-T0
Hotfix available now
Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023
WX3401-B0
Hotfix available now
Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023
WX5600-T0
Hotfix available now
Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023
Product
Affected model
Patch availability*
5G NR/4G LTE CPE
LTE3301-PLUS
Hotfix available now
Standard firmware V1.00(ABQU.5)C0 in Feb. 2023
LTE5388-M804
Hotfix available now
Standard firmware V1.00(ABSQ.4)C0 in Apr. 2023
LTE5398-M904
Hotfix available now
Standard firmware V1.00(ABQV.3)C0 in Apr. 2023
LTE7240-M403
Hotfix available now
Standard firmware V2.00(ABMG.6)C0 in May 2023
LTE7461-M602
Hotfix available now
Standard firmware V2.00(ABQN.6)C0 in May 2023
LTE7480-M804
V1.00(ABRA.6)C0
LTE7480-S905
Hotfix available now
Standard firmware V1.00(ABVN.6)C0 in May 2023
LTE7485-S905
Hotfix available now
Standard firmware V2.00(ABQT.6)C0 in May 2023
LTE7490-M904
V1.00(ABQY.5)C0
Nebula LTE3301-PLUS
V1.15(ACCA.3)C0
Nebula LTE7461-M602
V1.15(ACEV.3)C0
Nebula NR5101
V1.15(ACCG.3)C0
Nebula NR7101
V1.15(ACCC.3)C0
NR5101
V1.00(ABVC.6)C0
NR7101
V1.00(ABUV.7)C0
NR7102
V1.00(ABYD.2)C0
DSL/Ethernet CPE
DX3301-T0
Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
DX4510-B1
Hotfix available now
Standard firmware V5.17(ABYL.5)C0 in Jun. 2023
DX5401-B0
Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EMG3525-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5523-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
EMG5723-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
EX3301-T0
Hotfix available now
Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023
EX3510-B0
V5.17(ABUP.7)C0
EX5401-B0
Hotfix available now
Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023
EX5501-B0
Hotfix available now
Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023
EX5510-B0
V5.17(ABQX.7)C0
EX5512-T0
Hotfix available now
Standard firmware TBD
EX5600-T1
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T0
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
EX5601-T1
Hotfix available now
Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023
VMG3927-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
VMG4005-B50A
Hotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG4005-B60A
Hotfix available now
Standard firmware V5.17(ABQA.2)C0 in Feb. 2023
VMG8623-T50B
Hotfix available now
Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023
VMG8825-T50K
Hotfix available now
Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023
Fiber ONT
AX7501-B0
Hotfix available now
Standard firmware V5.17(ABPC.3)C0 in Feb. 2023
PM3100-T0
Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM5100-T0
Hotfix available now
Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023
PM7300-T0
Hotfix available now
Standard firmware V5.42(ABYY.1)C0 in Feb. 2023
PM7320-B0
Hotfix available now
Standard firmware TBD
PMG5317-T20B
Hotfix available now
Standard firmware TBD
PMG5617-T20B2
Hotfix available now
Standard firmware TBD
PMG5617GA
Hotfix available now
Standard firmware TBD
PMG5622GA
Hotfix available now
Standard firmware TBD
WiFi extender
WX3100-T0
Hotfix available now
Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023
WX3401-B0
Hotfix available now
Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023
WX5600-T0
Hotfix available now
Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023
*For the patch firmware without a download link, please reach out to your local Zyxel support team for the file.
Please note that the table does NOT include customized models for internet service providers (ISPs).
For ISPs, please contact your Zyxel sales or service representatives for further details.
For end-users who received your Zyxel device from an ISP, we recommend you reach out to the ISP’s support team directly, as the device may have custom-built settings.
For end-users who purchased the Zyxel devices on your own, please contact your local Zyxel support team for the new firmware file to ensure optimal protection, or visit our forum for further assistance.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to Positive Technologies for reporting the issues to us.
Revision history
2023-1-11: Initial release
Related news
Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw. "Improper error message handling in some firewall versions