Zyxel security advisory for pre-configured password management vulnerability of home routers and WiFi systems

CVE: CVE-2021-35033

Summary

Zyxel has released patches for products affected by a pre-configured password management vulnerability. Users are advised to install it for optimal protection.

What is the vulnerability?

An improper password management vulnerability has been found in specific home routers and WiFi systems. The vulnerability could allow an attacker to gain root access to the device if a local attacker dismantles and takes the device and connects to it using a USB-to-UART cable, or if the remote assistance feature has been enabled by an authenticated user.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable products that are within their warranty and support period and released firmware patches to address the issue, as shown in the table below.

Affected model	Patch availability
NBG6818	V1.00(ABSC.5)C0¹
NBG7815	V1.00(ABSK.7)C0¹
WSQ20	V1.00(ABOF.11)C0²
WSQ50	V2.20(ABKJ.7)C0²
WSQ60	V2.20(ABND.8)C0²
WSR30	V1.00(ABMY.12)C0²

Upgrade firmware through the web GUI or App.
Upgrade firmware through the App.

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgment

Thanks to Tenable for reporting the issues to us.

Revision history

2021-11-23: Initial release

Security

Networking

Service and License

Home Connectivity

Success Stories

Organization Sizes

Use Cases

Technologies

What’s New?

Support

Training

Buy Online

Locate Partners

Select Your Location

Africa

Asia

Central America

Europe

Middle East

North America

Oceania

South America

Zyxel security advisory for pre-configured password management vulnerability of home routers and WiFi systems

Have a question?