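Zyxel security advisory: uncontrolled resource consumption and command injection vulnerabilities in certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, fiber ONTs, security routers, and WiFi extenders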

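CVEs: CVE-2025-6599, CVE-2025-8693

Summary

Zyxel has released patches for specific firmware versions of certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, fiber ONTs, security routers, and WiFi extenders. The updates fix an uncontrolled resource consumption vulnerability and a post-authentication command injection vulnerability. Users are advised to install them as soon as possible for optimal protection.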

What are the vulnerabilities?

CVE-2025-6599

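An uncontrolled resource consumption vulnerability in the web server of certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, fiber ONTs, security routers, and WiFi extenders could allow an attacker to perform a Slowloris-style denial-of-service (DoS) attack that temporarily blocks legitimate HTTP requests and partially disrupts access to the web management interface. Other network services are not affected.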

CVE-2025-8693

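A post-authentication command injection vulnerability in the "priv" parameter of a CGI program in certain DSL/Ethernet CPE, fiber ONT, and WiFi extender firmware versions could allow an authenticated attacker to execute operating system (OS) commands on an affected device. Note that WAN access is disabled by default on these devices, and the attack can succeed only if the strong, unique user password has been compromised.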

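Which versions are affected, and what should you do?

After a thorough investigation, we have identified the affected products that are within their vulnerability support period and released firmware updates for these vulnerabilities, as shown in the tables below. Note that the tables do not include customized models designed for ISP customers. Other products on the market that are not listed in the tables are not affected.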


Table 1. Models affected by CVE-2025-6599

| Product | Affected model | Affected version | Latest patch |
|---|---|---|---|
| 4G LTE/5G NR CPE | LTE3301-PLUS | 1.00(ABQU.7)C0 and earlier | 1.00(ABQU.8)C0* |
| 4G LTE/5G NR CPE | NR5103 | 4.19(ABYC.8)C0 and earlier | 4.19(ABYC.9)C0* |
| 4G LTE/5G NR CPE | NR5103E | 1.00(ACDJ.1)C0 and earlier | 1.00(ACDJ.2)C0* |
| 4G LTE/5G NR CPE | NR5309 | 1.00(ACKP.1)b3 and earlier | 1.00(ACKP.1)C0* |
| 4G LTE/5G NR CPE | NR7302 | 5.00(ACHA.5)C0 and earlier | 1.00(ACHA.6)C0* |
| 4G LTE/5G NR CPE | NR7303 | 1.00(ACEI.1)C0 and earlier | 1.00(ACEI.2)C0* |
| 4G LTE/5G NR CPE | Nebula FWA505 | 1.19(ACKO.0)C0 and earlier | 1.60(ACKO.0)C0* |
| 4G LTE/5G NR CPE | Nebula FWA510 | 1.20(ACGD.1)C0 and earlier | 1.60(ACGD.0)C0* |
| 4G LTE/5G NR CPE | Nebula FWA515 | 1.50(ACPZ.0)C0 and earlier | 1.60(ACPZ.0)C0* |
| 4G LTE/5G NR CPE | Nebula FWA710 | 1.20(ACGC.0)C0 and earlier | 1.60(ACGC.0)C0* |
| DSL/Ethernet CPE | DM4200-B0 | 5.17(ACBS.1.3)C0 and earlier | 5.17(ACBS.1.4)C0* |
| DSL/Ethernet CPE | DX3300-T0 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | DX3300-T1 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | DX3301-T0 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | DX4510-B1 | 5.17(ABYL.9)C0 and earlier | 5.17(ABYL.9.1)C0* |
| DSL/Ethernet CPE | DX5401-B0 | 5.17(ABYO.7)b2 and earlier | 5.17(ABYO.7)C0* |
| DSL/Ethernet CPE | DX5401-B1 | 5.17(ABYO.7)b2 and earlier | 5.17(ABYO.7)C0* |
| DSL/Ethernet CPE | EE3301-00 | 5.63(ACMU.1.1)C0 and earlier | 5.63(ACMU.2)C0* |
| DSL/Ethernet CPE | EE5301-00 | 5.63(ACLD.1.1)C0 and earlier | 5.63(ACLD.2)C0* |
| DSL/Ethernet CPE | EE6510-10 | 5.19(ACJQ.3)C0 and earlier | 5.19(ACJQ.4)C0* |
| DSL/Ethernet CPE | EX3300-T0 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | EX3300-T0 | 5.50(ACDI.2.1)C0 and earlier | 5.50(ACDI.2.2)C0* |
| DSL/Ethernet CPE | EX3300-T1 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | EX3301-T0 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | EX3500-T0 | 5.44(ACHR.4)C0 and earlier | 5.44(ACHR.4.1)C0* |
| DSL/Ethernet CPE | EX3501-T0 | 5.44(ACHR.4)C0 and earlier | 5.44(ACHR.4.1)C0* |
| DSL/Ethernet CPE | EX3600-T0 | 5.70(ACIF.1.2)C0 and earlier | 5.70(ACIF.1.3)C0* |
| DSL/Ethernet CPE | EX5401-B0 | 5.17(ABYO.7)b2 and earlier | 5.17(ABYO.7)C0* |
| DSL/Ethernet CPE | EX5401-B1 | 5.17(ABYO.7)b2 and earlier | 5.17(ABYO.7)C0* |
| DSL/Ethernet CPE | EX5501-B0 | 5.17(ABRY.5.5)C0 and earlier | 5.17(ABRY.5.6)C0* |
| DSL/Ethernet CPE | EX5510-B0 | 5.17(ABQX.10)C0 and earlier | 5.17(ABQX.11)C0* |
| DSL/Ethernet CPE | EX5512-T0 | 5.70(ACEG.5)C0 and earlier | 5.70(ACEG.5.1)C0* |
| DSL/Ethernet CPE | EX5601-T0 | 5.70(ACDZ.4.1)C0 and earlier | 5.70(ACDZ.4.3)C0* |
| DSL/Ethernet CPE | EX5601-T1 | 5.70(ACDZ.4.1)C0 and earlier | 5.70(ACDZ.4.3)C0* |
| DSL/Ethernet CPE | EX7501-B0 | 5.18(ACHN.2.1)C0 and earlier | 5.18(ACHN.2.2)C0* |
| DSL/Ethernet CPE | EX7710-B0 | 5.18(ACAK.1.4)C0 and earlier | 5.18(ACAK.1.5)C0* |
| DSL/Ethernet CPE | EMG3525-T50B | 5.50(ABPM.9.5)C0 and earlier | 5.50(ABPM.9.6)C0* |
| DSL/Ethernet CPE | EMG5523-T50B | 5.50(ABPM.9.5)C0 and earlier | 5.50(ABPM.9.6)C0* |
| DSL/Ethernet CPE | EMG5723-T50K | 5.50(ABOM.8.6)C0 and earlier | 5.50(ABOM.8.7)C0* |
| DSL/Ethernet CPE | EMG6726-B10A | 5.13(ABNP.8)C0 and earlier | 5.13(ABNP.8.1)C0* |
| DSL/Ethernet CPE | GM4100-B0 | 5.18(ACCL.1)C0 and earlier | 5.18(ACCL.1.1)C0* |
| DSL/Ethernet CPE | VMG3625-T50B | 5.50(ABPM.9.5)C0 and earlier | 5.50(ABPM.9.6)C0* |
| DSL/Ethernet CPE | VMG3927-B50B | 5.13(ABLY.10)C0 and earlier | 5.13(ABLY.10.1)C0* |
| DSL/Ethernet CPE | VMG3927-T50K | 5.50(ABOM.8.6)C0 and earlier | 5.50(ABOM.8.7)C0* |
| DSL/Ethernet CPE | VMG4005-B50A | 5.17(ABQA.3)C0 and earlier | 5.17(ABQA.3.1)C0* |
| DSL/Ethernet CPE | VMG4005-B60A | 5.17(ABQA.3)C0 and earlier | 5.17(ABQA.3.1)C0* |
| DSL/Ethernet CPE | VMG4005-B50B | 5.13(ABRL.5.3)C0 and earlier | 5.13(ABRL.5.4)C0* |
| DSL/Ethernet CPE | VMG4927-B50A | 5.13(ABLY.10)C0 and earlier | 5.13(ABLY.10.1)C0* |
| DSL/Ethernet CPE | VMG8623-T50B | 5.50(ABPM.9.5)C0 and earlier | 5.50(ABPM.9.6)C0* |
| DSL/Ethernet CPE | VMG8825-T50K | 5.50(ABOM.8.6)C0 and earlier | 5.50(ABOM.8.7)C0* |
| Fiber ONT | AX7501-B0 | 5.17(ABPC.6.1)C0 and earlier | 5.17(ABPC.6.2)C0* |
| Fiber ONT | AX7501-B1 | 5.17(ABPC.6.1)C0 and earlier | 5.17(ABPC.6.2)C0* |
| Fiber ONT | PE3301-00 | 5.63(ACMT.1.1)C0 and earlier | 5.63(ACMT.2)C0* |
| Fiber ONT | PE5301-01 | 5.63(ACOJ.1.1)C0 and earlier | 5.63(ACOJ.2)C0* |
| Fiber ONT | PM3100-T0 | 5.42(ACBF.3)C0 and earlier | 5.42(ACBF.4)C0* |
| Fiber ONT | PM5100-T0 | 5.42(ACBF.3)C0 and earlier | 5.42(ACBF.4)C0* |
| Fiber ONT | PM7500-00 | 5.61(ACKK.1)C0 and earlier | 5.61(ACKK.1.1)C0* |
| Fiber ONT | PM7300-T0 | 5.42(ABYY.3)C0 and earlier | 5.42(ABYY.4)C0* |
| Fiber ONT | PX3321-T1 | 5.44(ACJB.1.3)C0 and earlier | 5.44(ACJB.1.4)C0* |
| Fiber ONT | PX3321-T1 | 5.44(ACHK.1)C0 and earlier | 5.44(ACHK.2)C0* |
| Fiber ONT | PX5301-T0 | 5.44(ACKB.0.4)C0 and earlier | 5.44(ACKB.0.5)C0* |
| Security router | SCR 50AXE | 1.10(ACGN.3)C0 and earlier | 1.20(ACGN.0)C0** |
| WiFi extender | WE3300-00 | 5.70(ACKA.0)C0 and earlier | 5.70(ACKA.1)C0* |
| WiFi extender | WX3100-T0 | 5.50(ABVL.4.7)C0 and earlier | 5.50(ABVL.4.8)C0* |
| WiFi extender | WX3401-B0 | 5.17(ABVE.2.8)C0 and earlier | 5.17(ABVE.2.9)C0* |
| WiFi extender | WX3401-B1 | 5.17(ABVE.2.8)C0 and earlier | 5.17(ABVE.2.9)C0* |
| WiFi extender | WX5600-T0 | 5.70(ACEB.4.1)C0 and earlier | 5.70(ACEB.4.3)C0* |
| WiFi extender | WX5610-B0 | 5.18(ACGJ.0.3)C0 and earlier | 5.18(ACGJ.0.4)C0* |

* Please contact your Zyxel sales representative or support team to obtain the file.

** Updated by cloud.

Table 2. Models affected by CVE-2025-8693

| Product | Affected model | Affected version | Latest patch |
|---|---|---|---|
| DSL/Ethernet CPE | DM4200-B0 | 5.17(ACBS.1.3)C0 and earlier | 5.17(ACBS.1.4)C0* |
| DSL/Ethernet CPE | DX3300-T0 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | DX3300-T1 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | DX3301-T0 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | DX4510-B1 | 5.17(ABYL.9)C0 and earlier | 5.17(ABYL.9.1)C0* |
| DSL/Ethernet CPE | DX5401-B0 | 5.17(ABYO.7)b2 and earlier | 5.17(ABYO.7)C0* |
| DSL/Ethernet CPE | DX5401-B1 | 5.17(ABYO.7)b2 and earlier | 5.17(ABYO.7)C0* |
| DSL/Ethernet CPE | EE3301-00 | 5.63(ACMU.1.1)C0 and earlier | 5.63(ACMU.2)C0* |
| DSL/Ethernet CPE | EE5301-00 | 5.63(ACLD.1.1)C0 and earlier | 5.63(ACLD.2)C0* |
| DSL/Ethernet CPE | EE6510-10 | 5.19(ACJQ.3)C0 and earlier | 5.19(ACJQ.4)C0* |
| DSL/Ethernet CPE | EX3300-T0 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | EX3300-T0 | 5.50(ACDI.2.1)C0 and earlier | 5.50(ACDI.2.2)C0* |
| DSL/Ethernet CPE | EX3300-T1 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | EX3301-T0 | 5.50(ABVY.6.3)C0 and earlier | 5.50(ABVY.6.4)C0* |
| DSL/Ethernet CPE | EX3500-T0 | 5.44(ACHR.4)C0 and earlier | 5.44(ACHR.4.1)C0* |
| DSL/Ethernet CPE | EX3501-T0 | 5.44(ACHR.4)C0 and earlier | 5.44(ACHR.4.1)C0* |
| DSL/Ethernet CPE | EX3510-B0 | 5.17(ABUP.15)C0 and earlier | 5.17(ABUP.15.1)C0* |
| DSL/Ethernet CPE | EX3510-B1 | 5.17(ABUP.15)C0 and earlier | 5.17(ABUP.15.1)C0* |
| DSL/Ethernet CPE | EX3600-T0 | 5.70(ACIF.1.2)C0 and earlier | 5.70(ACIF.1.3)C0* |
| DSL/Ethernet CPE | EX5401-B0 | 5.17(ABYO.7)b2 and earlier | 5.17(ABYO.7)C0* |
| DSL/Ethernet CPE | EX5401-B1 | 5.17(ABYO.7)b2 and earlier | 5.17(ABYO.7)C0* |
| DSL/Ethernet CPE | EX5501-B0 | 5.17(ABRY.5.5)C0 and earlier | 5.17(ABRY.5.6)C0* |
| DSL/Ethernet CPE | EX5510-B0 | 5.17(ABQX.10)C0 and earlier | 5.17(ABQX.11)C0* |
| DSL/Ethernet CPE | EX5512-T0 | 5.70(ACEG.5)C0 and earlier | 5.70(ACEG.5.1)C0* |
| DSL/Ethernet CPE | EX5601-T0 | 5.70(ACDZ.4.1)C0 and earlier | 5.70(ACDZ.4.3)C0* |
| DSL/Ethernet CPE | EX5601-T1 | 5.70(ACDZ.4.1)C0 and earlier | 5.70(ACDZ.4.3)C0* |
| DSL/Ethernet CPE | EX7501-B0 | 5.18(ACHN.2.1)C0 and earlier | 5.18(ACHN.2.2)C0* |
| DSL/Ethernet CPE | EX7710-B0 | 5.18(ACAK.1.4)C0 and earlier | 5.18(ACAK.1.5)C0* |
| DSL/Ethernet CPE | EMG3525-T50B | 5.50(ABPM.9.5)C0 and earlier | 5.50(ABPM.9.6)C0* |
| DSL/Ethernet CPE | EMG5523-T50B | 5.50(ABPM.9.5)C0 and earlier | 5.50(ABPM.9.6)C0* |
| DSL/Ethernet CPE | EMG5723-T50K | 5.50(ABOM.8.6)C0 and earlier | 5.50(ABOM.8.7)C0* |
| DSL/Ethernet CPE | GM4100-B0 | 5.18(ACCL.1)C0 and earlier | 5.18(ACCL.1.1)C0* |
| DSL/Ethernet CPE | VMG3625-T50B | 5.50(ABPM.9.5)C0 and earlier | 5.50(ABPM.9.6)C0* |
| DSL/Ethernet CPE | VMG3927-T50K | 5.50(ABOM.8.6)C0 and earlier | 5.50(ABOM.8.7)C0* |
| DSL/Ethernet CPE | VMG4005-B50A | 5.17(ABQA.3)C0 and earlier | 5.17(ABQA.3.1)C0* |
| DSL/Ethernet CPE | VMG4005-B60A | 5.17(ABQA.3)C0 and earlier | 5.17(ABQA.3.1)C0* |
| DSL/Ethernet CPE | VMG4005-B50B | 5.13(ABRL.5.3)C0 and earlier | 5.13(ABRL.5.4)C0* |
| DSL/Ethernet CPE | VMG8623-T50B | 5.50(ABPM.9.5)C0 and earlier | 5.50(ABPM.9.6)C0* |
| DSL/Ethernet CPE | VMG8825-T50K | 5.50(ABOM.8.6)C0 and earlier | 5.50(ABOM.8.7)C0* |
| Fiber ONT | AX7501-B0 | 5.17(ABPC.6.1)C0 and earlier | 5.17(ABPC.6.2)C0* |
| Fiber ONT | AX7501-B1 | 5.17(ABPC.6.1)C0 and earlier | 5.17(ABPC.6.2)C0* |
| Fiber ONT | PE3301-00 | 5.63(ACMT.1.1)C0 and earlier | 5.63(ACMT.2)C0* |
| Fiber ONT | PE5301-01 | 5.63(ACOJ.1.1)C0 and earlier | 5.63(ACOJ.2)C0* |
| Fiber ONT | PM3100-T0 | 5.42(ACBF.3)C0 and earlier | 5.42(ACBF.4)C0* |
| Fiber ONT | PM5100-T0 | 5.42(ACBF.3)C0 and earlier | 5.42(ACBF.4)C0* |
| Fiber ONT | PM7500-00 | 5.61(ACKK.1)C0 and earlier | 5.61(ACKK.1.1)C0* |
| Fiber ONT | PM7300-T0 | 5.42(ABYY.3)C0 and earlier | 5.42(ABYY.4)C0* |
| Fiber ONT | PX3321-T1 | 5.44(ACJB.1.3)C0 and earlier | 5.44(ACJB.1.4)C0* |
| Fiber ONT | PX3321-T1 | 5.44(ACHK.1)C0 and earlier | 5.44(ACHK.2)C0* |
| Fiber ONT | PX5301-T0 | 5.44(ACKB.0.4)C0 and earlier | 5.44(ACKB.0.5)C0* |
| WiFi extender | WE3300-00 | 5.70(ACKA.0)C0 and earlier | 5.70(ACKA.1)C0* |
| WiFi extender | WX3100-T0 | 5.50(ABVL.4.7)C0 and earlier | 5.50(ABVL.4.8)C0* |
| WiFi extender | WX3401-B0 | 5.17(ABVE.2.8)C0 and earlier | 5.17(ABVE.2.9)C0* |
| WiFi extender | WX3401-B1 | 5.17(ABVE.2.8)C0 and earlier | 5.17(ABVE.2.9)C0* |
| WiFi extender | WX5600-T0 | 5.70(ACEB.4.1)C0 and earlier | 5.70(ACEB.4.3)C0* |
| WiFi extender | WX5610-B0 | 5.18(ACGJ.0.3)C0 and earlier | 5.18(ACGJ.0.4)C0* |

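* Please contact your Zyxel sales representative or support team to obtain the file.

For ISPs, please contact your Zyxel sales or service representative for further information.

For end users who obtained a Zyxel device from an ISP, we recommend contacting the ISP's support team directly, as the device may have customized settings.

For end users who purchased a Zyxel device themselves, please contact a Zyxel reseller or the Zyxel technical team (0800-500-550) to obtain the new firmware file for optimal protection, or visit the official Zyxel Chinese-language forum for further assistance.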
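The following added example (not Zyxel's code) shows one way to check a device inventory against Table 1 and Table 2 by parsing the firmware strings used there. The names `ADVISORY`, `parse` and `classify` are hypothetical, only a few table rows are embedded, and treating a `b` stage as older than `C` for the same build is an assumption.

```python
import re

# Firmware string as printed in the tables:
#   <major>.<minor>(<4-letter line code>.<build>[.<sub>...])<stage><n>
_FW = re.compile(r"^(\d+)\.(\d+)\(([A-Z]{4})\.(\d+(?:\.\d+)*)\)([bC])(\d+)$")

# A few rows copied from Table 1 / Table 2 (extend with the rest as needed):
# model -> [(affected ceiling, listed fixed build), ...]
ADVISORY = {
    "EX3300-T0": [("5.50(ABVY.6.3)C0", "5.50(ABVY.6.4)C0"),
                  ("5.50(ACDI.2.1)C0", "5.50(ACDI.2.2)C0")],
    "DX5401-B0": [("5.17(ABYO.7)b2", "5.17(ABYO.7)C0")],
    "NR7302": [("5.00(ACHA.5)C0", "1.00(ACHA.6)C0")],
    "Nebula FWA510": [("1.20(ACGD.1)C0", "1.60(ACGD.0)C0")],
}


def parse(fw):
    """Return (line_code, sort_key); raise ValueError on an unrecognised string."""
    m = _FW.match(fw.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {fw!r}")
    major, minor, code, build, stage, n = m.groups()
    # Assumption: a 'b' stage sorts below 'C' for the same build, as the
    # "(ABYO.7)b2 and earlier" -> "(ABYO.7)C0" rows suggest.
    key = (int(major), int(minor), tuple(int(p) for p in build.split(".")),
           0 if stage == "b" else 1, int(n))
    return code, key


def classify(model, installed):
    """Return 'patched', 'affected', 'review' or 'unlisted' for one device."""
    rows = ADVISORY.get(model)
    if rows is None:
        return "unlisted"  # model is not in the embedded rows
    code, key = parse(installed)
    for ceiling, fixed in rows:
        c_code, c_key = parse(ceiling)
        if c_code != code:
            continue  # a different firmware line of the same model
        # Exact match comes first: the NR7302 row lists a fixed build whose
        # version prefix is lower than its ceiling, so ordering alone misleads.
        if installed.strip() == fixed:
            return "patched"
        return "affected" if key <= c_key else "review"
    return "unlisted"  # line code not in the tables, e.g. an ISP-customised build
```

A `review` result means the installed build sorts above the listed ceiling but is not the listed fixed build, so it should be confirmed with the vendor or ISP rather than assumed safe.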

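How to get help?

If you have any questions, please contact a Zyxel reseller or the Zyxel technical team (0800-500-550), or visit the official Zyxel Chinese-language forum, and we will provide further assistance and explanation.

Acknowledgments

Thanks to the following security researchers for their assistance:

  • Iván Domínguez Garzás (from Zerolynx), for helping disclose CVE-2025-6599
  • Joni Gadd, for helping disclose CVE-2025-8693

Revision history

2025-11-18: Initial release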