Zyxel security advisory for CRLF injection vulnerability in some legacy firewalls

Summary

Zyxel is aware of a CRLF injection vulnerability in legacy USG100, USG200, USG300, USG20W, USG20, and USG50 firewalls. Since all of the affected models have reached end-of-vulnerability-support, users are advised to replace them with newer-generation models for optimal protection.

 

What is the vulnerability?

The CRLF injection vulnerability is due to improper input sanitization in the CGI program of some legacy Zyxel firewalls. This flaw could be used to conduct malicious attacks, such as cross-site scripting (XSS) and web cache poisoning.

 

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified only some legacy firewalls as being affected. The affected models, namely USG20, USG20W, USG50, USG100, USG200, and USG300, all entered end-of-vulnerability-support many years earlier. In accordance with industry product life cycle management practices, Zyxel advises customers to replace these legacy products with newer-generation models.

 

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

 

Acknowledgment

Thanks to Darren & Pedro from CipherTechs for reporting the issue to us.

 

Revision history

2022-06-07: Initial release