Zyxel security advisory for hardcoded FTP credential vulnerability of access points
Summary
Zyxel access points are affected by a hardcoded FTP credential vulnerability. Users are advised to upgrade to the latest available firmware for optimal protection.
What’s the vulnerability?
A hardcoded FTP credential vulnerability was identified in an FTP service for Zyxel access points. The FTP service can be accessed using hardcoded credentials embedded in device firmware. When the wireless network is connected to another VLAN, the vulnerability could allow an unauthenticated individual to use the FTP service to gain access to a file containing network credentials.
What products are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the affected products, as listed in the table below. For optimal protection, we strongly urge users to install the applicable firmware patches.
| Affected model | Firmware patch | |||
|---|---|---|---|---|
| Standalone mode* | Controller-managed mode** | Gateway-managed mode** | Cloud-managed mode** | |
| WAC6103D-I | 5.50(AAXH.1)C0 | 5.50(AAXH.1)C0 | 5.40(AAXH.1)C0 | 5.50(AAXH.1)C0 |
| WAC6303D-S | 5.50(ABGL.1)C0 | 5.40(ABGL.1)C0 | 5.40(ABGL.1)C0 | 5.50(ABGL.1)C0 |
| WAC6502D-E | 5.50(AASD.1)C0 | 5.50(AASD.1)C0 | 5.40(AASD.1)C0 | 5.50(AASD.1)C0 |
| WAC6502D-S | 5.50(AASE.1)C0 | 5.50(AASE.1)C0 | 5.40(AASE.1)C0 | 5.50(AASE.1)C0 |
| WAC6503D-S | 5.50(AASF.1)C0 | 5.50(AASF.1)C0 | 5.40(AASF.1)C0 | 5.50(AASF.1)C0 |
| WAC6553D-E | 5.50(AASG.1)C0 | 5.50(AASG.1)C0 | 5.40(AASG.1)C0 | 5.50(AASG.1)C0 |
| WAC6552D-S | 5.50(ABIO.1)C0 | 5.50(ABIO.1)C0 | 5.40(ABIO.1)C0 | 5.50(ABIO.1)C0 |
| WAC5302D-S | 5.40(ABFH.1)C0 | 5.40(ABFH.1)C0 | 5.40(ABFH.1)C0 | N/A |
| NWA5123-AC | 5.40(AAZY.1)C0 | 5.40(AAZY.1)C0 | 5.40(AAZY.1)C0 | N/A |
| NWA5123-AC HD | 5.50(ABIM.1)C0 | 5.40(ABIM.1)C0 | 5.40(ABIM.1)C0 | 5.50(ABIM.1)C0 |
| NWA5121-NI | 5.10(AAID.7)C0 | 5.10(AAID.7)C0 | 5.10(AAID.7)C0 | N/A |
| NWA5121-N | 5.10(AAIF.7)C0 | 5.10(AAIF.7)C0 | 5.10(AAIF.7)C0 | N/A |
| NWA5123-NI | 5.10(AAHY.7)C0 | 5.10(AAHY.7)C0 | 5.10(AAHY.7)C0 | N/A |
| NWA5301-NJ | 5.10(AANB.7)C0 | 5.10(AANB.7)C0 | 5.10(AANB.7)C0 | N/A |
| NWA1302-AC | 5.50(ABKU.1)C0 | N/A | N/A | 5.50(ABKU.1)C0 |
| NWA1123-ACv2 | 5.50(ABEL.1)C0 | N/A | N/A | 5.50(ABEL.1)C0 |
| NWA1123-AC HD | 5.50(ABIN.1)C0 | N/A | N/A | 5.50(ABIN.1)C0 |
| NWA1123-AC PRO | 5.50(ABHD.1)C0 | N/A | N/A | 5.50(ABHD.1)C0 |
| NAP102 | N/A | N/A | N/A | 5.50(ABDF.1)C0 |
| NAP203 | N/A | N/A | N/A | 5.50(ABFA.1)C0 |
| NAP303 | N/A | N/A | N/A | 5.50(ABEX.1)C0 |
| NAP353 | N/A | N/A | N/A | 5.50(ABEY.1)C0 |
*Please download the firmware from Zyxel Support Center.
**Please upgrade the firmware via cloud update or contact your local Zyxel support team for assistance.
Acknowledgment
Thanks to Thomas Weber at SEC Consult for reporting this vulnerability to us.
Revision history
Initial release 2019-8-29