Zyxel security advisory for buffer overflow vulnerabilities in 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices
CVEs: CVE-2023-37929, CVE-2024-0816
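Summary
Zyxel has released patches for some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices that address buffer overflow vulnerabilities. Users are advised to install the updates for optimal protection.
What are the vulnerabilities?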
CVE-2023-37929
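This buffer overflow vulnerability in the CGI program affects some DSL/Ethernet CPE, WiFi extender, and home router devices. It allows an authenticated remote attacker to cause a denial-of-service (DoS) condition by sending an HTTP request to a vulnerable device.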
CVE-2024-0816
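This buffer overflow vulnerability affects some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices. It allows an authenticated local attacker to cause a denial-of-service (DoS) condition by executing a CLI command with a string on an affected device.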
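Affected versions and preventive measures
After a thorough investigation, we have released the latest patches for the affected products listed in the tables below that are still within their vulnerability support period, to give users the best protection.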
Product | Affected model | Affected version | Latest patch* |
---|---|---|---|
DSL/Ethernet CPE | DX3300-T1 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
DSL/Ethernet CPE | DX3301-T0 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
DSL/Ethernet CPE | DX4510 | V5.17(ABYL.5)C0 | V5.17(ABYL.6)C0 |
DSL/Ethernet CPE | DX5401-B0 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
DSL/Ethernet CPE | DX5401-B1 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
DSL/Ethernet CPE | EMG3525-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.1)C0 |
DSL/Ethernet CPE | EMG5523-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.1)C0 |
DSL/Ethernet CPE | EMG5723-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
DSL/Ethernet CPE | EX3300-T1 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
DSL/Ethernet CPE | EX3301-T0 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
DSL/Ethernet CPE | EX3500-T0 | V5.44(ACHR.0)C0 | V5.44(ACHR.1)C0 |
DSL/Ethernet CPE | EX3501-T0 | V5.44(ACHR.0)C0 | V5.44(ACHR.1)C0 |
DSL/Ethernet CPE | EX3510 | V5.17(ABUP.9)C0 | V5.17(ABUP.11)C0 |
DSL/Ethernet CPE | EX5401-B0 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
DSL/Ethernet CPE | EX5401-B1 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
DSL/Ethernet CPE | EX5501-B0 | V5.17(ABRY.4)C0 | V5.17(ABRY.5)C0 |
DSL/Ethernet CPE | EX5510 | V5.17(ABQX.8)C0 | V5.17(ABQX.9)C0 |
DSL/Ethernet CPE | EX5512-T0 | V5.70(ACEG.2)C0 | V5.70(ACEG.3)C0 |
DSL/Ethernet CPE | EX5600-T1 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
DSL/Ethernet CPE | EX5601-T0 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
DSL/Ethernet CPE | EX5601-T1 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
DSL/Ethernet CPE | EX7710-B0 | V5.18(ACAK.0)C0 | V5.18(ACAK.1)C0 |
DSL/Ethernet CPE | VMG3625-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.1)C0 |
DSL/Ethernet CPE | VMG3927-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
DSL/Ethernet CPE | VMG8623-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.1)C0 |
DSL/Ethernet CPE | VMG8825-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
Fiber ONT | AX7501-B0 | V5.17(ABPC.4)C0 | V5.17(ABPC.4.1)C0 |
Fiber ONT | AX7501-B1 | V5.17(ABPC.4)C0 | V5.17(ABPC.4.1)C0 |
WiFi extender | WX3100-T0 | V5.50(ABVL.3)C0 | V5.50(ABVL.4)C0 |
WiFi extender | WX5600-T0 | V5.70(ACEB.2)C0 | V5.70(ACEB.2.2)C0 |
WiFi extender | WX5610-B0 | V5.18(ACGJ.0)C0 | V5.18(ACGJ.0)C1 |
Home router | NBG7510 | V1.00(ABZY.5)C0 | V1.00(ABZY.6)C0 |

Product | Affected model | Affected version | Latest patch* |
---|---|---|---|
5G NR/4G LTE CPE | LTE3202-M437 | V1.00(ABWF.3)C0 | Hotfix is available. Standard patch V1.00(ABWF.4)C0 in August 2024 |
5G NR/4G LTE CPE | LTE3301-Plus | V1.00(ABQU.5)C0 | Hotfix is available. Standard patch V1.00(ABQU.6)C0 in August 2024 |
5G NR/4G LTE CPE | LTE5388-M804 | V1.00(ABSQ.4)C0 | Hotfix is available. Standard patch V1.00(ABSQ.5)C0 in August 2024 |
5G NR/4G LTE CPE | LTE5398-M904 | V1.00(ABQV.4)C0 | Hotfix is available. Standard patch V1.00(ABQV.5)C0 in August 2024 |
5G NR/4G LTE CPE | LTE7240-M403 | V2.00(ABMG.7)C0 | Hotfix is available. Standard patch V2.00(ABMG.8)C0 in August 2024 |
5G NR/4G LTE CPE | LTE7480-M804 | V1.00(ABRA.8)C0 | Hotfix is available. Standard patch V1.00(ABRA.9)C0 in August 2024 |
5G NR/4G LTE CPE | LTE7490-M904 | V1.00(ABQY.7)C0 | Hotfix is available. Standard patch V1.00(ABQY.8)C0 in August 2024 |
5G NR/4G LTE CPE | NR5103 | V4.19(ABYC.5)C0 | Hotfix is available. Standard patch V4.19(ABYC.6)C0 in August 2024 |
5G NR/4G LTE CPE | NR5103E | V1.00(ACDJ.1)b3 | Hotfix is available. Standard patch V1.00(ACDJ.2)C0 in August 2024 |
5G NR/4G LTE CPE | NR5103EV2 | V1.00(ACIQ.0)C0 | Hotfix is available. Standard patch V1.00(ACIQ.1)C0 in August 2024 |
5G NR/4G LTE CPE | NR5307 | V1.00(ACJT.0)b4 | Hotfix is available. Standard patch V1.00(ACJT.0)C0 in August 2024 |
5G NR/4G LTE CPE | NR7101 | V1.00(ABUV.9)C0 | Hotfix is available. Standard patch V1.00(ABUV.10)C0 in August 2024 |
5G NR/4G LTE CPE | NR7102 | V1.00(ABYD.2)C0 | Hotfix is available. Standard patch V1.00(ABYD.3)C0 in August 2024 |
5G NR/4G LTE CPE | NR7103 | V1.00(ACCZ.2)C0 | Hotfix is available. Standard patch V1.00(ACCZ.3)C0 in August 2024 |
5G NR/4G LTE CPE | NR7302 | V1.00(ACHA.2)C0 | Hotfix is available. Standard patch V1.00(ACHA.3)C0 in August 2024 |
5G NR/4G LTE CPE | NR7303 | V1.00(ACEI.0)C0 | Hotfix is available. Standard patch V1.00(ACEI.1)C0 in August 2024 |
5G NR/4G LTE CPE | NR7501 | V1.00(ACEH.0)C0 | Hotfix is available. Standard patch V1.00(ACEH.1)C0 in August 2024 |
5G NR/4G LTE CPE | Nebula FWA505 | V1.18(ACKO.1)C0 | Hotfix is available. Standard patch V1.18(ACKO.2)C0 in July 2024 |
5G NR/4G LTE CPE | Nebula FWA510 | V1.18(ACGD.1)C0 | Hotfix is available. Standard patch V1.18(ACGD.2)C0 in July 2024 |
5G NR/4G LTE CPE | Nebula FWA710 | V1.17(ACGC.0)C0 | Hotfix is available. Standard patch V1.18(ACGC.2) in July 2024 |
5G NR/4G LTE CPE | Nebula LTE3301-PLUS | V1.17(ACCA.0)C0 | Hotfix is available. Standard patch V1.18(ACCA.2)C0 in July 2024 |
5G NR/4G LTE CPE | Nebula LTE7461-M602 | V1.15(ACEV.3)C0 | Hotfix is available |
5G NR/4G LTE CPE | Nebula NR5101 | V1.16(ACCG.0)C0 | Hotfix is available |
5G NR/4G LTE CPE | Nebula NR7101 | V1.16(ACCC.0)C0 | Hotfix is available |
DSL/Ethernet CPE | DX3300-T1 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
DSL/Ethernet CPE | DX3301-T0 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
DSL/Ethernet CPE | DX4510 | V5.17(ABYL.6)C0 | V5.17(ABYL.7)C0 |
DSL/Ethernet CPE | DX5401-B0 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
DSL/Ethernet CPE | DX5401-B1 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
DSL/Ethernet CPE | EMG3525-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.3)C0 |
DSL/Ethernet CPE | EMG5523-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.3)C0 |
DSL/Ethernet CPE | EMG5723-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
DSL/Ethernet CPE | EX3300-T1 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
DSL/Ethernet CPE | EX3301-T0 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
DSL/Ethernet CPE | EX3320-T0 | V5.71(YAK.2)D0 | V5.71(YAK.3)D0 |
DSL/Ethernet CPE | EX3320-T1 | V5.71(YAP.0)C0 | V5.71(YAP.1)C0 |
DSL/Ethernet CPE | EX3500-T0 | V5.44(ACHR.0)C0 | V5.44(ACHR.1)C0 |
DSL/Ethernet CPE | EX3501-T0 | V5.44(ACHR.0)C0 | V5.44(ACHR.1)C0 |
DSL/Ethernet CPE | EX3510 | V5.17(ABUP.11)C0 | V5.17(ABUP.12)C0 |
DSL/Ethernet CPE | EX5401-B0 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
DSL/Ethernet CPE | EX5401-B1 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
DSL/Ethernet CPE | EX5501-B0 | V5.17(ABRY.4)C0 | V5.17(ABRY.5)C0 |
DSL/Ethernet CPE | EX5510 | V5.17(ABQX.9)C0 | V5.17(ABQX.10)C0 |
DSL/Ethernet CPE | EX5512-T0 | V5.70(ACEG.2)C0 | V5.70(ACEG.3)C0 |
DSL/Ethernet CPE | EX5600-T1 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
DSL/Ethernet CPE | EX5601-T0 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
DSL/Ethernet CPE | EX5601-T1 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
DSL/Ethernet CPE | EX7710-B0 | V5.18(ACAK.0)C0 | V5.18(ACAK.1)C0 |
DSL/Ethernet CPE | VMG3625-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.3)C0 |
DSL/Ethernet CPE | VMG3927-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
DSL/Ethernet CPE | VMG4005-B50A | V5.17(ABQA.2)C0 | V5.17(ABQA.2.1)C0 |
DSL/Ethernet CPE | VMG4005-B60A | V5.17(ABQA.2)C0 | V5.17(ABQA.2.1)C0 |
DSL/Ethernet CPE | VMG8623-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.3)C0 |
DSL/Ethernet CPE | VMG8825-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
Fiber ONT | AX7501-B0 | V5.17(ABPC.4)C0 | V5.17(ABPC.4.1)C0 |
Fiber ONT | AX7501-B1 | V5.17(ABPC.4)C0 | V5.17(ABPC.4.1)C0 |
Fiber ONT | PM3100-T0 | V5.42(ACBF.1.2)C0 | V5.42(ACBF.2)C0 |
Fiber ONT | PM5100-T0 | V5.42(ACBF.1.2)C0 | V5.42(ACBF.2)C0 |
Fiber ONT | PM7300-T0 | V5.42(ABYY.1)C0 | V5.42(ABYY.2.1)C0 |
Fiber ONT | PX3321-T1 | V5.44(ACJB.0)C0 | V5.44(ACJB.1)C0 |
WiFi extender | WX3100-T0 | V5.50(ABVL.3)C0 | V5.50(ABVL.4.1)C0 |
WiFi extender | WX3401-B0 | V5.17(ABVE.2)C0 | V5.17(ABVE.2.4)C0 |
WiFi extender | WX5600-T0 | V5.70(ACDZ.2)C0 | V5.70(ACEB.2.2)C0 |
WiFi extender | WX5610-B0 | V5.18(ACGJ.0)C0 | V5.18(ACGJ.0)C1 |
Home router | NBG7510 | V1.00(ABZY.6)C0 | V1.00(ABZY.7)C0 |

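*Please contact your local Zyxel support team to obtain the file.
Please note that the tables do not include models customized for internet service providers (ISPs).
ISPs can contact their Zyxel sales representative for further details.
If you are an end user who received a Zyxel product from an ISP, we recommend contacting the ISP's customer support directly, as the device may have custom settings.
If you purchased your Zyxel product yourself, please contact your local Zyxel support team to obtain the new firmware file, or visit the Zyxel community platform for assistance, to ensure optimal protection.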
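To check an inventory against the patched versions in the tables above, the firmware strings have to be compared numerically rather than as text (ABUP.9 is older than ABUP.11). The following is an added example, not Zyxel code; the function names, the constructed inventory, and the ordering rule for the trailing suffix (lowercase such as b3 sorts before uppercase such as C0) are assumptions.

```python
import re

# Firmware strings as written in the tables above, e.g. V5.50(ABVY.4.2)C0.
_FW = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+(?:\.\d+)*)\)(?:([A-Za-z])(\d+))?$")

def parse_fw(text):
    """Return (firmware_code, sortable_key) for one firmware string."""
    m = _FW.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, rev, kind, build = m.groups()
    # Assumption: a lowercase suffix such as b3 is a pre-release build that sorts
    # before an uppercase (C0, D0) release; a missing suffix counts as a release.
    stage = 0 if kind and kind.islower() else 1
    revision = tuple(int(p) for p in rev.split("."))  # numeric, so 9 < 11
    return code, (int(major), int(minor), revision, stage, int(build or 0))

def needs_update(installed, patched):
    """True/False when comparable; None when the firmware codes differ."""
    icode, ikey = parse_fw(installed)
    pcode, pkey = parse_fw(patched)
    if icode != pcode:
        return None  # different firmware family: do not guess an ordering
    return ikey < pkey

# Patched versions copied from the tables above (subset; where a model is
# listed in both tables, the higher version is used).
PATCHED = {
    "DX3300-T1": "V5.50(ABVY.4.2)C0",
    "EX3510": "V5.17(ABUP.12)C0",
    "WX5610-B0": "V5.18(ACGJ.0)C1",
    "NR5307": "V1.00(ACJT.0)C0",
}

# Constructed inventory for illustration: (hostname, model, installed firmware).
INVENTORY = [
    ("cpe-01", "DX3300-T1", "V5.50(ABVY.4)C0"),
    ("cpe-02", "EX3510", "V5.17(ABUP.12)C0"),
    ("ext-01", "WX5610-B0", "V5.18(ACGJ.0)C0"),
    ("fwa-01", "NR5307", "V1.00(ACJT.0)b4"),
    ("cpe-03", "EX3510", "V5.17(ABUP.9)C0"),
]

def audit(inventory, patched=PATCHED):
    """Return hostnames whose firmware is older than the patched version."""
    return [host for host, model, fw in inventory
            if model in patched and needs_update(fw, patched[model])]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

A `None` result from `needs_update` means the two strings carry different firmware codes and should be reviewed by hand rather than treated as patched.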
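How to get help?
If you have any questions, please contact your Zyxel reseller or the Zyxel technical team (0800-500-550), or visit the official Zyxel Chinese-language forum; we will provide further assistance and explanation.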
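Acknowledgment
Thanks to the following security researchers:
- Xingyu Xu from the Institute of Software, Chinese Academy of Sciences (ISCAS), for reporting CVE-2023-37929
- Marko Silokunnas from Telia Company, for reporting CVE-2024-0816
Revision history
2024-5-21: Initial release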