Zyxel針對CPE、光纖ONT和WiFi延伸器的命令注入和緩衝區溢位漏洞的安全報告
CVE 編號: CVE-2022-43389, CVE-2022-43390, CVE-2022-43391, CVE-2022-43392
摘要
Zyxel透過Positive Technologies提供的報告獲知相關產品有多個漏洞,並建議用戶安裝適用的韌體更新以獲得最佳保護。
什麼是安全漏洞攻擊?
CVE-2022-43389
某些5G NR/4G LTE CPE設備的網頁伺服器中存在著緩衝區溢位漏洞,該漏洞可能允許未經身份驗證的遠端攻擊者執行某些OS系統命令或在易受攻擊的設備上造成阻斷式服務(DoS)攻擊情況。請注意,大多數設備預設禁用WAN訪問。
CVE-2022-43390
某些5G NR/4G LTE CPE、DSL/乙太網 CPE、光纖ONT和WiFi延伸器設備的CGI 程式中存在著命令注入漏洞,該漏洞可能允許經過身份驗證的遠端攻擊者藉由發送特殊HTTP請求在易受攻擊的設備上執行某些OS系統命令。請注意,大多數設備預設禁用WAN訪問。
CVE-2022-43391
某些5G NR/4G LTE CPE、DSL/乙太網CPE、光纖ONT和WiFi延伸器設備中的 CGI 程式中存在著緩衝區溢位漏洞,允許經過身份驗證的遠端攻擊者藉由發送特殊HTTP請求來引發DoS攻擊情況. 請注意,大多數設備預設禁用WAN訪問。
CVE-2022-43392
某些5G NR/4G LTE CPE、DSL/以太網 CPE、光纖ONT和WiFi延伸器設備中的網頁伺服器參數存在著緩衝區溢位漏洞,該漏洞可能允許經過身份驗證遠端攻擊者透過發送特殊的授權請求來引發DoS攻擊情況。請注意,大多數設備預設禁用WAN訪問。
受影響的版本及預防措施?
經過詳細的檢查,我們已針對下列表格中仍在漏洞支援期間內受影響的產品發佈更新的漏洞程式, 以提供用戶最佳防護。
| 產品 | 受影響的型號 | 修補程式* |
|---|---|---|
| 5G NR/4G LTE CPE | LTE3202-M437 | V1.00(ABWF.1)C0 |
| LTE3316-M604 | V2.00(ABMP.6)C0 | |
| LTE7480-M804 | V1.00(ABRA.6)C0 | |
| LTE7490-M904 | V1.00(ABQY.5)C0 | |
| Nebula FWA510 | V1.15(ACGD.3)C0 | |
| Nebula FWA710 | V1.15(ACGC.3)C0 | |
| Nebula NR7101 | V1.15(ACCC.3)C0 | |
| NR5103 | V4.19(ABYC.3)C0 | |
| NR5103E | Hotfix available now Standard firmware V1.00(ACDJ.0)C0 in Apr. 2023 |
|
| NR7101 | V1.00(ABUV.7)C0 | |
| NR7102 | V1.00(ABYD.2)C0 | |
| NR7103 | V1.00(ACCZ.1)C0 | |
| Fiber ONT | EP240P | Hotfix available now Standard firmware TBD |
| PM7320-B0 | Hotfix available now Standard firmware TBD |
|
| PMG5317-T20B | Hotfix available now Standard firmware TBD |
|
| PMG5617GA | Hotfix available now Standard firmware TBD |
|
| PMG5622GA | Hotfix available now Standard firmware TBD |
| 產品 | 受影響的型號 | 修補程式* |
|---|---|---|
| 5G NR/4G LTE CPE | LTE7480-M804 | V1.00(ABRA.6)C0 |
| LTE7490-M904 | V1.00(ABQY.5)C0 | |
| Nebula NR5101 | V1.15(ACCG.3)C0 | |
| Nebula NR7101 | V1.15(ACCC.3)C0 | |
| NR5101 | V1.00(ABVC.6)C0 | |
| NR7101 | V1.00(ABUV.7)C0 | |
| NR7102 | V1.00(ABYD.2)C0 | |
| DSL/Ethernet CPE | DX3301-T0 | Hotfix available now Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023 |
| DX4510-B1 | Hotfix available now Standard firmware V5.17(ABYL.5)C0 in Jun. 2023 |
|
| DX5401-B0 | Hotfix available now Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023 |
|
| EMG3525-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| EMG5523-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| EMG5723-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| EX3301-T0 | Hotfix available now Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023 |
|
| EX3510-B0 | V5.17(ABUP.7)C0 | |
| EX5401-B0 | Hotfix available now Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023 |
|
| EX5501-B0 | Hotfix available now Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023 |
|
| EX5510-B0 | V5.17(ABQX.7)C0 | |
| EX5512-T0 | Hotfix available now Standard firmware TBD |
|
| EX5600-T1 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| EX5601-T0 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| EX5601-T1 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| VMG3927-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| VMG4005-B50A | Hotfix available now Standard firmware V5.17(ABQA.2)C0 in Feb. 2023 |
|
| VMG4005-B60A | Hotfix available now Standard firmware V5.17(ABQA.2)C0 in Feb. 2023 |
|
| VMG8623-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| VMG8825-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| Fiber ONT | AX7501-B0 | Hotfix available now Standard firmware V5.17(ABPC.3)C0 in Feb. 2023 |
| PM3100-T0 | Hotfix available now Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023 |
|
| PM5100-T0 | Hotfix available now Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023 |
|
| PM7300-T0 | Hotfix available now Standard firmware V5.42(ABYY.1)C0 in Feb. 2023 |
|
| PM7320-B0 | Hotfix available now Standard firmware TBD |
|
| PMG5317-T20B | Hotfix available now Standard firmware TBD |
|
| PMG5617-T20B2 | Hotfix available now Standard firmware TBD |
|
| PMG5617GA | Hotfix available now Standard firmware TBD |
|
| PMG5622GA | Hotfix available now Standard firmware TBD |
|
| WiFi extender | WX3100-T0 | Hotfix available now Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023 |
| WX3401-B0 | Hotfix available now Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023 |
|
| WX5600-T0 | Hotfix available now Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023 |
| 產品 | 受影響的型號 | 修補程式* |
|---|---|---|
| 5G NR/4G LTE CPE | LTE3301-PLUS | Hotfix available now Standard firmware V1.00(ABQU.5)C0 in Feb. 2023 |
| LTE5388-M804 | Hotfix available now Standard firmware V1.00(ABSQ.4)C0 in Apr. 2023 |
|
| LTE5398-M904 | Hotfix available now Standard firmware V1.00(ABQV.3)C0 in Apr. 2023 |
|
| LTE7240-M403 | Hotfix available now Standard firmware V2.00(ABMG.6)C0 in May 2023 |
|
| LTE7461-M602 | Hotfix available now Standard firmware V2.00(ABQN.6)C0 in May 2023 |
|
| LTE7480-M804 | V1.00(ABRA.6)C0 | |
| LTE7480-S905 | Hotfix available now Standard firmware V1.00(ABVN.6)C0 in May 2023 |
|
| LTE7485-S905 | Hotfix available now Standard firmware V2.00(ABQT.6)C0 in May 2023 |
|
| LTE7490-M904 | V1.00(ABQY.5)C0 | |
| Nebula LTE3301-PLUS | V1.15(ACCA.3)C0 | |
| Nebula LTE7461-M602 | V1.15(ACEV.3)C0 | |
| Nebula NR5101 | V1.15(ACCG.3)C0 | |
| Nebula NR7101 | V1.15(ACCC.3)C0 | |
| NR5101 | V1.00(ABVC.6)C0 | |
| NR7101 | V1.00(ABUV.7)C0 | |
| NR7102 | V1.00(ABYD.2)C0 | |
| DSL/Ethernet CPE | DX3301-T0 | Hotfix available now Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023 |
| DX4510-B1 | Hotfix available now Standard firmware V5.17(ABYL.5)C0 in Jun. 2023 |
|
| DX5401-B0 | Hotfix available now Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023 |
|
| EMG3525-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| EMG5523-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| EMG5723-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| EX3301-T0 | Hotfix available now Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023 |
|
| EX3510-B0 | V5.17(ABUP.7)C0 | |
| EX5401-B0 | Hotfix available now Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023 |
|
| EX5501-B0 | Hotfix available now Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023 |
|
| EX5510-B0 | V5.17(ABQX.7)C0 | |
| EX5512-T0 | Hotfix available now Standard firmware TBD |
|
| EX5600-T1 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| EX5601-T0 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| EX5601-T1 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| VMG3927-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| VMG4005-B50A | Hotfix available now Standard firmware V5.17(ABQA.2)C0 in Feb. 2023 |
|
| VMG4005-B60A | Hotfix available now Standard firmware V5.17(ABQA.2)C0 in Feb. 2023 |
|
| VMG8623-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| VMG8825-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| Fiber ONT | AX7501-B0 | Hotfix available now Standard firmware V5.17(ABPC.3)C0 in Feb. 2023 |
| PM3100-T0 | Hotfix available now Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023 |
|
| PM5100-T0 | Hotfix available now Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023 |
|
| PM7300-T0 | Hotfix available now Standard firmware V5.42(ABYY.1)C0 in Feb. 2023 |
|
| PM7320-B0 | Hotfix available now Standard firmware TBD |
|
| PMG5317-T20B | Hotfix available now Standard firmware TBD |
|
| PMG5617-T20B2 | Hotfix available now Standard firmware TBD |
|
| PMG5617GA | Hotfix available now Standard firmware TBD |
|
| PMG5622GA | Hotfix available now Standard firmware TBD |
|
| WiFi extender | WX3100-T0 | Hotfix available now Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023 |
| WX3401-B0 | Hotfix available now Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023 |
|
| WX5600-T0 | Hotfix available now Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023 |
| 產品 | 受影響的型號 | 修補程式* |
|---|---|---|
| 5G NR/4G LTE CPE | LTE3301-PLUS | Hotfix available now Standard firmware V1.00(ABQU.5)C0 in Feb. 2023 |
| LTE5388-M804 | Hotfix available now Standard firmware V1.00(ABSQ.4)C0 in Apr. 2023 |
|
| LTE5398-M904 | Hotfix available now Standard firmware V1.00(ABQV.3)C0 in Apr. 2023 |
|
| LTE7240-M403 | Hotfix available now Standard firmware V2.00(ABMG.6)C0 in May 2023 |
|
| LTE7461-M602 | Hotfix available now Standard firmware V2.00(ABQN.6)C0 in May 2023 |
|
| LTE7480-M804 | V1.00(ABRA.6)C0 | |
| LTE7480-S905 | Hotfix available now Standard firmware V1.00(ABVN.6)C0 in May 2023 |
|
| LTE7485-S905 | Hotfix available now Standard firmware V2.00(ABQT.6)C0 in May 2023 |
|
| LTE7490-M904 | V1.00(ABQY.5)C0 | |
| Nebula LTE3301-PLUS | V1.15(ACCA.3)C0 | |
| Nebula LTE7461-M602 | V1.15(ACEV.3)C0 | |
| Nebula NR5101 | V1.15(ACCG.3)C0 | |
| Nebula NR7101 | V1.15(ACCC.3)C0 | |
| NR5101 | V1.00(ABVC.6)C0 | |
| NR7101 | V1.00(ABUV.7)C0 | |
| NR7102 | V1.00(ABYD.2)C0 | |
| DSL/Ethernet CPE | DX3301-T0 | Hotfix available now Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023 |
| DX4510-B1 | Hotfix available now Standard firmware V5.17(ABYL.5)C0 in Jun. 2023 |
|
| DX5401-B0 | Hotfix available now Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023 |
|
| EMG3525-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| EMG5523-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| EMG5723-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| EX3301-T0 | Hotfix available now Standard firmware V5.50(ABVY.3.4)C0 in Feb. 2023 |
|
| EX3510-B0 | V5.17(ABUP.7)C0 | |
| EX5401-B0 | Hotfix available now Standard firmware V5.17(ABYO.3.1)C0 in Feb. 2023 |
|
| EX5501-B0 | Hotfix available now Standard firmware V5.17(ABRY.3.2)C0 in Feb. 2023 |
|
| EX5510-B0 | V5.17(ABQX.7)C0 | |
| EX5512-T0 | Hotfix available now Standard firmware TBD |
|
| EX5600-T1 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| EX5601-T0 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| EX5601-T1 | Hotfix available now Standard firmware V5.70(ACDZ.0.1)C0 in Feb. 2023 |
|
| VMG3927-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| VMG4005-B50A | Hotfix available now Standard firmware V5.17(ABQA.2)C0 in Feb. 2023 |
|
| VMG4005-B60A | Hotfix available now Standard firmware V5.17(ABQA.2)C0 in Feb. 2023 |
|
| VMG8623-T50B | Hotfix available now Standard firmware V5.50(ABPM.7.3)C0 in Feb. 2023 |
|
| VMG8825-T50K | Hotfix available now Standard firmware V5.50(ABOM.8.2)C0 in Feb. 2023 |
|
| Fiber ONT | AX7501-B0 | Hotfix available now Standard firmware V5.17(ABPC.3)C0 in Feb. 2023 |
| PM3100-T0 | Hotfix available now Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023 |
|
| PM5100-T0 | Hotfix available now Standard firmware V5.42(ACBF.1.1)C0 in Feb. 2023 |
|
| PM7300-T0 | Hotfix available now Standard firmware V5.42(ABYY.1)C0 in Feb. 2023 |
|
| PM7320-B0 | Hotfix available now Standard firmware TBD |
|
| PMG5317-T20B | Hotfix available now Standard firmware TBD |
|
| PMG5617-T20B2 | Hotfix available now Standard firmware TBD |
|
| PMG5617GA | Hotfix available now Standard firmware TBD |
|
| PMG5622GA | Hotfix available now Standard firmware TBD |
|
| WiFi extender | WX3100-T0 | Hotfix available now Standard firmware V5.50(ABVL.1.1)C0 in Feb. 2023 |
| WX3401-B0 | Hotfix available now Standard firmware V5.17(ABVE.2.1)C0 in Feb. 2023 |
|
| WX5600-T0 | Hotfix available now Standard firmware V5.70(ACEB.0.1)C0 in Feb. 2023 |
*如果修補韌體沒有下載連結,請聯繫當地Zyxel技術團隊。
請注意表格內的型號不包含網路服務供應商(ISP)的客製型號。
網路服務供應商(ISP)請聯繫Zyxel業務代表或Zyxel技術團隊,做進一步的洽詢。
從ISP收到Zyxel設備的最終用戶,我們建議您直接聯繫ISP的技術團隊,因為該設備可能具有特別的設定。
對於自行購買Zyxel設備的終端用戶,請聯繫您當地的Zyxel技術團隊獲取新的韌體檔案以確保最佳保護,或造訪我們的論壇以獲得進一步的幫助。
如何獲得協助?
如有任何問題,請聯繫Zyxel經銷商、Zyxel技術團隊(0800-500-550),或至官方Zyxel中文論壇,我們將會提供進一步協助與說明。
致謝
特別感謝Positive Technologies團隊的Nikita Abramov主動向我們回報此問題。
修訂記錄
2023-1-11: 初始版本