Zyxel security advisory for DoS vulnerability of switches

CVE: CVE-2022-43393


Zyxel has released patches for some switches affected by a denial-of-service (DoS) vulnerability. Users are advised to install them for optimal protection.

What is the vulnerability?

An improper check for unusual or exceptional conditions in the HTTP request processing function of some Zyxel switch versions could allow an attacker to corrupt the contents of the memory and result in a DoS condition on an affected device.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.

Since switches are mostly deployed in a local area network (LAN) environment, most potential DoS attacks can be reduced by firewalls or security gateways. Furthermore, for optimal protection, we suggest that users set more stringent management rules for remote access to their switches, such as by restricting HTTP or HTTPS requests to remotely access the device management interface or by limiting remote access by specific IP addresses.

Affected model Affected version Patch availability
GS1350-6HP V4.70(ABPI.4)C0 V4.70(ABPI.5)C0
GS1350-12HP V4.70(ABPJ.4)C0 V4.70(ABPJ.5)C0
GS1350-18HP V4.70(ABPK.4)C0 V4.70(ABPK.5)C0
GS1350-26HP V4.70(ABPL.4)C0 V4.70(ABPL.5)C0
GS1915-8 V4.70(ACAP.2)C0 V4.70(ACAP.3)C0
GS1915-8EP V4.70(ACAQ.2)C0 V4.70(ACAQ.3)C0
GS1915-24E V4.70(ACDR.2)C0 V4.70(ACDR.3)C0
GS1915-24EP V4.70(ACDS.2)C0 V4.70(ACDS.3)C0
GS1920-8HPv2 V4.70(ABKZ.7)C0 V4.70(ABKZ.8)C0
GS1920-24v2 V4.70(ABMH.7)C0 V4.70(ABMH.8)C0
GS1920-48v2 V4.70(ABMJ.7)C0 V4.70(ABMJ.8)C0
GS1920-24HPv2 V4.70(ABMI.7)C0 V4.70(ABMI.8)C0
GS1920-48HPv2 V4.70(ABMK.7)C0 V4.70(ABMK.8)C0
GS2220-10 V4.70(ABRO.5)C0 V4.70(ABRO.6)C0
GS2220-28 V4.70(ABRQ.5)C0 V4.70(ABRQ.6)C0
GS2220-50 V4.70(ABRS.5)C0 V4.70(ABRS.6)C0
GS2220-10HP V4.70(ABRP.5)C0 V4.70(ABRP.6)C0
GS2220-28HP V4.70(ABRR.5)C0 V4.70(ABRR.6)C0
GS2220-50HP V4.70(ABRT.5)C0 V4.70(ABRT.6)C0
XGS1930-28 V4.70(ABHT.3)C0 V4.70(ABHT.5)C0
XGS1930-28HP V4.70(ABHS.3)C0 V4.70(ABHS.5)C0
XGS1930-52 V4.70(ABHU.3)C0 V4.70(ABHU.5)C0
XGS1930-52HP V4.70(ABHV.3)C0 V4.70(ABHV.5)C0
XS1930-10 V4.70(ABQE.5)C0 V4.80(ABQE.0)C0
XS1930-12HP V4.70(ABQF.5)C0 V4.80(ABQF.0)C0
XS1930-12F V4.70(ABZV.5)C0 V4.80(ABZV.0)C0
XGS2210-28 V4.70(AAZJ.1)C0 V4.70(AAZJ.2)C0
XGS2210-52 V4.70(AAZK.1)C0 V4.70(AAZK.2)C0
XGS2210-28HP V4.70(AAZL.1)C0 V4.70(AAZL.2)C0
XGS2210-52HP V4.70(AAZM.1)C0 V4.70(AAZM.2)C0
XGS2220-30 V4.80(ABXN.0)C0 V4.80(ABXN.1)C0
XGS2220-30HP V4.80(ABXO.0)C0 V4.80(ABXO.1)C0
XGS2220-30F V4.80(ABYE.0)C0 V4.80(ABYE.1)C0
XGS2220-54 V4.80(ABXP.0)C0 V4.80(ABXP.1)C0
XGS2220-54HP V4.80(ABXQ.0)C0 V4.80(ABXQ.1)C0
XGS2220-54FP V4.80(ACCE.0)C0 V4.80(ACCE.1)C0
XGS4600-32 V4.70(ABBH.3)C0 V4.70(ABBH.4)C0
XGS4600-32F V4.70(ABBI.3)C0 V4.70(ABBI.4)C0
XGS4600-52F V4.70(ABIK.3)C0 V4.70(ABIK.4)C0
XMG1930-30 V4.70(ACAR.0) V4.80(ACAR.0)
XMG1930-30HP V4.70(ACAS.0) V4.80(ACAS.0)
XS3800-28 V4.80(ABML.0)C0 V4.80(ABML.1)C0
MGS3500-24S 4.10(ABBR.1)C0 4.10(ABBR.2)C0*
MGS3520-28 4.10(AATN.4)C0 4.10(AATN.5)C0*
MGS3520-28 4.10(ABQM.1)C0 4.10(ABQM.2)C0*
MGS3520-28F 4.10(AATM.3)C0 4.10(AATM.4)C0*
MGS3530-28 4.10(ACEM.1)C0 4.10(ACEM.2)C0*
MGS3530-28 4.10(ACFJ.0)C0 4.10(ACFJ.1)C0*

*Please reach out to your local Zyxel support team for the file.

Got a question?

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.


Thanks to Nikita Abramov from Positive Technologies for reporting the issue to us.

Revision history

2023-1-11: Initial release.