Zyxel advisory for vulnerability CVE-2015-7547
CVE-2015-7547 identifies a stack-based buffer overflow in the GNU C Library (commonly known as glibc). The vulnerability could allow exploitation such as denial of service or remote code execution.
Are Zyxel products at risk?
After a thorough investigation into all Zyxel products, Zyxel has identified the affected products, as listed in the table below, and assures customers that solutions to close the vulnerability are already available or in preparation.
What is Zyxel doing about it?
A hotfix is now available for several products through Zyxel Support. The patch will also be included in the next firmware releases for the affected products. The table below includes the solution and firmware release schedule for the affected products.
Affected products
Product | Series/Model | Solution |
---|---|---|
Security Appliances | USG60W/60/40W/40 USG310/210/110 USG1900/1100 ZyWALL Series | Datecode available on Feb. 24. Patch in firmware ZLD4.15P1, available on Mar. 3. |
Security Appliances | USG200/100-PLUS/100/50/20W/20 USG2000/1000/300 | Datecode available on Mar. 11. (Please contact your local Zyxel customer service directly.) |
Commercial Gateways | UAG2100/4100 | Datecode available on Feb. 25 |
Commercial Gateways | UAG5100 | Datecode available on Feb. 26 |
WLAN Controllers | NXC | Patch in firmware 4.30, available in July |
Network Storage | NAS520/540/542 | Patch in firmware V5.11P2, available on Mar. 8 |
Network Storage | NAS326 | Patch in firmware V5.11P3, available on Mar. 8 |
LTE CPE | WAH7706 | Patch in firmware V1.00(ABBC.3)C0, available on Mar. 24 |
Please contact your local service or sales representatives if you require any further assistance.