Zyxel security advisory for cleartext storage of information vulnerability
CVEs: CVE-2021-35036
Summary
Zyxel is releasing patches addressing a cleartext storage of information vulnerability in its products. Users are advised to install the patches for optimal protection.
What is the vulnerability?
The cleartext storage of information vulnerability is due to a CGI program lacking proper protection of the device’s login privilege and TR-069 configuration. The vulnerability cannot be exploited unless the attacker can first be successfully authenticated and log in to the device’s management interface. The TR-069 protocol is not enabled by default in the generic version of the firmware; therefore, it cannot be exploited by attackers.
What versions are vulnerable-and what should you do?
After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.
| Affected series/models | Patch availability* |
|---|---|
| DSL/Ethernet CPE | |
| VMG3625-T50B | Customized firmware version V5.50(ABTL.0)b2r EMEA: V5.50(ABPM.7)C0 Central America: V5.50(ACCR.0)b4 |
| VMG3927-T50K | V5.50(ABOM.8)C0 |
| VMG8623-T50B | V5.50(ABPM.7)C0 |
| VMG8825-T50K | V5.50(ABOM.8)C0 |
| EMG3525-T50B | V5.50(ABPM.7)C0 |
| EMG5523-T50B | V5.50(ABPM.7)C0 |
| EMG5723-T50K | V5.50(ABOM.8)C0 |
| DX3301-T0 | V5.50(ABVY.3)C0 |
| DX5401-B0 | V5.17(ABYO.2)C0 |
| EX5401-B0 | V5.17(ABYO.2)C0 |
| EX5501-B0 | V5.17(ABRY.3)C0 |
| 5G NR/4G LTE CPE | |
| LTE3301-PLUS | V1.00(ABQU.6)C0 in Dec. 2022 |
| LTE5388-M804 | V1.00(ABSQ.4)C0 in Dec. 2022 |
| LTE5388-S905 | V1.00(ABVI.6)C0 in Dec. 2022 |
| LTE5398-M904 | V1.00(ABQV.2)C0 in Dec. 2022 |
| LTE7240-M403 | V2.00(ABMG.6)C0 in Dec. 2022 |
| LTE7461-M602 | V2.00(ABQN.6)C0 in Dec. 2022 |
| LTE7480-S905 | V2.00(ABQT.6)C0 in Dec. 2022 |
| LTE7480-M804 | V1.00(ABRA.6)C0 in Dec. 2022 |
| LTE7485-S905 | V1.00(ABVN.6)C0 in Dec. 2022 |
| LTE7490-M804 | V1.00(ABQY.5)C0 in Dec. 2022 |
| NR5101 | V1.00(ABVC.6)C0 in Dec. 2022 |
| NR7101 | V1.00(ABUV.7)C0 in Dec. 2022 |
| NR7102 | V1.00(ABYD.2)C0 in Dec. 2022 |
| Fiber ONT | |
| AX7501-B Series | V5.17(ABPC.2)C0 |
| EP240P | V5.40(ABVH.0)C0a03 |
| PMG5617GA | V5.40(ABNA.2)C0 |
| PMG5622GA | V5.40(ABNB.2)C0 |
| PMG5317-T20B | V5.40(ABKI.4)C0 |
| PMG5617-T20B2 | V5.41(ACBB.1)C0 |
| PM7300-T0 | V5.42(ACBC.1)C0 |
Got a question?
If you are an ISP with customized models, please contact your Zyxel sales or service representative for further information or assistance. For end-user who acquired your Zyxel device from an ISP, please reach out to the ISP’s support team directly, as the device may have custom-built settings.
Acknowledgment
Thanks to Mina Nageh Salama for reporting the issue to us.
Revision history
2022-09-27: Initial release