Zyxel to fix SSH private Key and certificate vulnerability
A recently discovered vulnerability identified in advisory CVE-2015-7256 reveals a security issue regarding the authentication of the non-unique certificates and SSH private keys used in networking products. Zyxel has investigated this vulnerability and take several steps to addressing it. Included below are some details.
Are Zyxel products affected?
After a thorough investigation in to all Zyxel products, the affected models have been isolated and listed in Table 1 below.
What is Zyxel doing about it?
Zyxel is now implementing fixes to ensure the non-unique certificates and SSH private keys used in authentication are randomly generated. Software enhancements will be released shortly, as indicated in Table 1.
Any workarounds?
Zyxel suggests users take the following steps as a good general security practice:
- Be alert for suspicious web links, advertisements and websites.
- Make sure all devices are running the most current firmware
Please contact your local service professional for more information and assistance.
Table 1. Affected models
Product | Model Name | Status |
---|---|---|
Access Point | NWA1100-N | Fix available in November 2015 (Datecode provided on demand) |
NWA1100-NH | Fix available in Oct 2016 (Datecode provided on demand) | |
NWA1121-NI | Fix available in Oct 2016 (Datecode provided on demand) | |
NWA1123-AC | Fix available in Oct 2016 (Datecode provided on demand) | |
NWA1123-NI | Fix available in Oct 2016 (Datecode provided on demand) | |
DSL CPE | P-660HN-51 | Fix available in February 2016 |
P-663HN-51 | Fix available in February 2016 | |
VMG1312-B10A | Fix available in February 2016 | |
VMG1312-B30A | Fix available in February 2016 | |
VMG1312-B30B | Fix available in February 2016 | |
VMG4380-B10A | Fix available in February 2016 | |
VMG8324-B10A | Fix available in February 2016 | |
VMG8924-B10A | Fix available in February 2016 | |
VMG8924-B30A | Fix available in February 2016 | |
VSG1435-B101 | Fix available in February 2016 | |
GPON | PMG5318-B20A | Fix available in December 2016 |
Small Business Gateway |
SBG3300-N000 | Fix available now (Datecode provided on demand) |
SBG3300-NB00 | Fix available now (Datecode provided on demand) | |
SBG3500-N000 | Fix available now (Datecode provided on demand) | |
SBG3500-N000 | Fix available now (Datecode provided on demand) | |
Switch | GS1900-8 | Fix available in November 2015 |
GS1900-24 | Fix available in November 2015 | |
Project Model | C1000Z | Customized model for internet service providers (ISPs). |
Q1000 | Customized model for internet service providers (ISPs). | |
FR1000Z | Customized model for internet service providers (ISPs). | |
P8702N | Customized model for internet service providers (ISPs). |