Zyxel security advisory for buffer overflow vulnerabilities in 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices

CVEs: CVE-2023-37929, CVE-2024-0816

Summary

Zyxel has released patches for some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices affected by buffer overflow vulnerabilities. Users are advised to install the updates for optimal protection.

What is the vulnerability?

CVE-2023-37929

A buffer overflow vulnerability in the CGI program of some DSL/Ethernet CPE, WiFi extender, and home router devices could allow an authenticated remote attacker to cause a denial-of-service (DoS) condition by sending an HTTP request to a vulnerable device.

CVE-2024-0816

A buffer overflow vulnerability in some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and home router devices could allow an authenticated local attacker to cause a denial-of-service (DoS) condition by executing a CLI command containing a string on an affected device.

Affected versions and mitigation

After a thorough investigation, we have released patches for the affected products that are still within their vulnerability support period, listed in the tables below, to provide users with optimal protection.

| Product | Affected model | Affected version | Latest patch* |
|---|---|---|---|
| DSL/Ethernet CPE | DX3300-T1 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
| DSL/Ethernet CPE | DX3301-T0 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
| DSL/Ethernet CPE | DX4510 | V5.17(ABYL.5)C0 | V5.17(ABYL.6)C0 |
| DSL/Ethernet CPE | DX5401-B0 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
| DSL/Ethernet CPE | DX5401-B1 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
| DSL/Ethernet CPE | EMG3525-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.1)C0 |
| DSL/Ethernet CPE | EMG5523-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.1)C0 |
| DSL/Ethernet CPE | EMG5723-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
| DSL/Ethernet CPE | EX3300-T1 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
| DSL/Ethernet CPE | EX3301-T0 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
| DSL/Ethernet CPE | EX3500-T0 | V5.44(ACHR.0)C0 | V5.44(ACHR.1)C0 |
| DSL/Ethernet CPE | EX3501-T0 | V5.44(ACHR.0)C0 | V5.44(ACHR.1)C0 |
| DSL/Ethernet CPE | EX3510 | V5.17(ABUP.9)C0 | V5.17(ABUP.11)C0 |
| DSL/Ethernet CPE | EX5401-B0 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
| DSL/Ethernet CPE | EX5401-B1 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
| DSL/Ethernet CPE | EX5501-B0 | V5.17(ABRY.4)C0 | V5.17(ABRY.5)C0 |
| DSL/Ethernet CPE | EX5510 | V5.17(ABQX.8)C0 | V5.17(ABQX.9)C0 |
| DSL/Ethernet CPE | EX5512-T0 | V5.70(ACEG.2)C0 | V5.70(ACEG.3)C0 |
| DSL/Ethernet CPE | EX5600-T1 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
| DSL/Ethernet CPE | EX5601-T0 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
| DSL/Ethernet CPE | EX5601-T1 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
| DSL/Ethernet CPE | EX7710-B0 | V5.18(ACAK.0)C0 | V5.18(ACAK.1)C0 |
| DSL/Ethernet CPE | VMG3625-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.1)C0 |
| DSL/Ethernet CPE | VMG3927-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
| DSL/Ethernet CPE | VMG8623-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.1)C0 |
| DSL/Ethernet CPE | VMG8825-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
| Fiber ONT | AX7501-B0 | V5.17(ABPC.4)C0 | V5.17(ABPC.4.1)C0 |
| Fiber ONT | AX7501-B1 | V5.17(ABPC.4)C0 | V5.17(ABPC.4.1)C0 |
| WiFi extender | WX3100-T0 | V5.50(ABVL.3)C0 | V5.50(ABVL.4)C0 |
| WiFi extender | WX5600-T0 | V5.70(ACEB.2)C0 | V5.70(ACEB.2.2)C0 |
| WiFi extender | WX5610-B0 | V5.18(ACGJ.0)C0 | V5.18(ACGJ.0)C1 |
| Home router | NBG7510 | V1.00(ABZY.5)C0 | V1.00(ABZY.6)C0 |

| Product | Affected model | Affected version | Latest patch* |
|---|---|---|---|
| 5G NR/4G LTE CPE | LTE3202-M437 | V1.00(ABWF.3)C0 | Hotfix is available; standard patch V1.00(ABWF.4)C0 in August 2024 |
| 5G NR/4G LTE CPE | LTE3301-Plus | V1.00(ABQU.5)C0 | Hotfix is available; standard patch V1.00(ABQU.6)C0 in August 2024 |
| 5G NR/4G LTE CPE | LTE5388-M804 | V1.00(ABSQ.4)C0 | Hotfix is available; standard patch V1.00(ABSQ.5)C0 in August 2024 |
| 5G NR/4G LTE CPE | LTE5398-M904 | V1.00(ABQV.4)C0 | Hotfix is available; standard patch V1.00(ABQV.5)C0 in August 2024 |
| 5G NR/4G LTE CPE | LTE7240-M403 | V2.00(ABMG.7)C0 | Hotfix is available; standard patch V2.00(ABMG.8)C0 in August 2024 |
| 5G NR/4G LTE CPE | LTE7480-M804 | V1.00(ABRA.8)C0 | Hotfix is available; standard patch V1.00(ABRA.9)C0 in August 2024 |
| 5G NR/4G LTE CPE | LTE7490-M904 | V1.00(ABQY.7)C0 | Hotfix is available; standard patch V1.00(ABQY.8)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR5103 | V4.19(ABYC.5)C0 | Hotfix is available; standard patch V4.19(ABYC.6)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR5103E | V1.00(ACDJ.1)b3 | Hotfix is available; standard patch V1.00(ACDJ.2)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR5103EV2 | V1.00(ACIQ.0)C0 | Hotfix is available; standard patch V1.00(ACIQ.1)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR5307 | V1.00(ACJT.0)b4 | Hotfix is available; standard patch V1.00(ACJT.0)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR7101 | V1.00(ABUV.9)C0 | Hotfix is available; standard patch V1.00(ABUV.10)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR7102 | V1.00(ABYD.2)C0 | Hotfix is available; standard patch V1.00(ABYD.3)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR7103 | V1.00(ACCZ.2)C0 | Hotfix is available; standard patch V1.00(ACCZ.3)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR7302 | V1.00(ACHA.2)C0 | Hotfix is available; standard patch V1.00(ACHA.3)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR7303 | V1.00(ACEI.0)C0 | Hotfix is available; standard patch V1.00(ACEI.1)C0 in August 2024 |
| 5G NR/4G LTE CPE | NR7501 | V1.00(ACEH.0)C0 | Hotfix is available; standard patch V1.00(ACEH.1)C0 in August 2024 |
| 5G NR/4G LTE CPE | Nebula FWA505 | V1.18(ACKO.1)C0 | Hotfix is available; standard patch V1.18(ACKO.2)C0 in July 2024 |
| 5G NR/4G LTE CPE | Nebula FWA510 | V1.18(ACGD.1)C0 | Hotfix is available; standard patch V1.18(ACGD.2)C0 in July 2024 |
| 5G NR/4G LTE CPE | Nebula FWA710 | V1.17(ACGC.0)C0 | Hotfix is available; standard patch V1.18(ACGC.2) in July 2024 |
| 5G NR/4G LTE CPE | Nebula LTE3301-PLUS | V1.17(ACCA.0)C0 | Hotfix is available; standard patch V1.18(ACCA.2)C0 in July 2024 |
| 5G NR/4G LTE CPE | Nebula LTE7461-M602 | V1.15(ACEV.3)C0 | Hotfix is available |
| 5G NR/4G LTE CPE | Nebula NR5101 | V1.16(ACCG.0)C0 | Hotfix is available |
| 5G NR/4G LTE CPE | Nebula NR7101 | V1.16(ACCC.0)C0 | Hotfix is available |
| DSL/Ethernet CPE | DX3300-T1 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
| DSL/Ethernet CPE | DX3301-T0 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
| DSL/Ethernet CPE | DX4510 | V5.17(ABYL.6)C0 | V5.17(ABYL.7)C0 |
| DSL/Ethernet CPE | DX5401-B0 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
| DSL/Ethernet CPE | DX5401-B1 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
| DSL/Ethernet CPE | EMG3525-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.3)C0 |
| DSL/Ethernet CPE | EMG5523-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.3)C0 |
| DSL/Ethernet CPE | EMG5723-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
| DSL/Ethernet CPE | EX3300-T1 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
| DSL/Ethernet CPE | EX3301-T0 | V5.50(ABVY.4)C0 | V5.50(ABVY.4.2)C0 |
| DSL/Ethernet CPE | EX3320-T0 | V5.71(YAK.2)D0 | V5.71(YAK.3)D0 |
| DSL/Ethernet CPE | EX3320-T1 | V5.71(YAP.0)C0 | V5.71(YAP.1)C0 |
| DSL/Ethernet CPE | EX3500-T0 | V5.44(ACHR.0)C0 | V5.44(ACHR.1)C0 |
| DSL/Ethernet CPE | EX3501-T0 | V5.44(ACHR.0)C0 | V5.44(ACHR.1)C0 |
| DSL/Ethernet CPE | EX3510 | V5.17(ABUP.11)C0 | V5.17(ABUP.12)C0 |
| DSL/Ethernet CPE | EX5401-B0 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
| DSL/Ethernet CPE | EX5401-B1 | V5.17(ABYO.5)C0 | V5.17(ABYO.5.1)C0 |
| DSL/Ethernet CPE | EX5501-B0 | V5.17(ABRY.4)C0 | V5.17(ABRY.5)C0 |
| DSL/Ethernet CPE | EX5510 | V5.17(ABQX.9)C0 | V5.17(ABQX.10)C0 |
| DSL/Ethernet CPE | EX5512-T0 | V5.70(ACEG.2)C0 | V5.70(ACEG.3)C0 |
| DSL/Ethernet CPE | EX5600-T1 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
| DSL/Ethernet CPE | EX5601-T0 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
| DSL/Ethernet CPE | EX5601-T1 | V5.70(ACDZ.2)C0 | V5.70(ACDZ.2.4)C0 |
| DSL/Ethernet CPE | EX7710-B0 | V5.18(ACAK.0)C0 | V5.18(ACAK.1)C0 |
| DSL/Ethernet CPE | VMG3625-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.3)C0 |
| DSL/Ethernet CPE | VMG3927-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
| DSL/Ethernet CPE | VMG4005-B50A | V5.17(ABQA.2)C0 | V5.17(ABQA.2.1)C0 |
| DSL/Ethernet CPE | VMG4005-B60A | V5.17(ABQA.2)C0 | V5.17(ABQA.2.1)C0 |
| DSL/Ethernet CPE | VMG8623-T50B | V5.50(ABPM.8)C0 | V5.50(ABPM.8.3)C0 |
| DSL/Ethernet CPE | VMG8825-T50K | V5.50(ABOM.8.2)C0 | V5.50(ABOM.8.3)C0 |
| Fiber ONT | AX7501-B0 | V5.17(ABPC.4)C0 | V5.17(ABPC.4.1)C0 |
| Fiber ONT | AX7501-B1 | V5.17(ABPC.4)C0 | V5.17(ABPC.4.1)C0 |
| Fiber ONT | PM3100-T0 | V5.42(ACBF.1.2)C0 | V5.42(ACBF.2)C0 |
| Fiber ONT | PM5100-T0 | V5.42(ACBF.1.2)C0 | V5.42(ACBF.2)C0 |
| Fiber ONT | PM7300-T0 | V5.42(ABYY.1)C0 | V5.42(ABYY.2.1)C0 |
| Fiber ONT | PX3321-T1 | V5.44(ACJB.0)C0 | V5.44(ACJB.1)C0 |
| WiFi extender | WX3100-T0 | V5.50(ABVL.3)C0 | V5.50(ABVL.4.1)C0 |
| WiFi extender | WX3401-B0 | V5.17(ABVE.2)C0 | V5.17(ABVE.2.4)C0 |
| WiFi extender | WX5600-T0 | V5.70(ACDZ.2)C0 | V5.70(ACEB.2.2)C0 |
| WiFi extender | WX5610-B0 | V5.18(ACGJ.0)C0 | V5.18(ACGJ.0)C1 |
| Home router | NBG7510 | V1.00(ABZY.6)C0 | V1.00(ABZY.7)C0 |

*Please contact your local Zyxel support team for the file.

Please note that the tables do not include ISP-customized models.

ISPs may contact their Zyxel sales representative for further details.

If you are an end user who received a Zyxel product from an ISP, we recommend contacting the ISP's customer service directly, as the device may have customized settings.

If you purchased the Zyxel product yourself, please contact your local Zyxel customer service team to obtain the new firmware file, or visit the Zyxel community for assistance, to ensure optimal protection.

How to get help?

If you have any questions, please contact your Zyxel dealer, the Zyxel technical team (0800-500-550), or the official Zyxel Chinese forum, and we will provide further assistance and explanation.

Acknowledgments

Thanks to the following security researchers:

  • Xingyu Xu from the Institute of Software, Chinese Academy of Sciences (ISCAS), for reporting CVE-2023-37929
  • Marko Silokunnas from Telia for reporting CVE-2024-0816

Revision history

2024-5-21: Initial release