www.zyxel.com
52.222.236.112  Public Scan

Submitted URL: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-fi...
Effective URL: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-fi...
Submission: On February 27 via api from IL — Scanned from IL

Text Content


ZYXEL SECURITY ADVISORY FOR MULTIPLE VULNERABILITIES IN FIREWALLS AND APS

CVES: CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, CVE-2023-6764

SUMMARY

Zyxel has released patches addressing multiple vulnerabilities in some firewall
and access point (AP) versions. Users are advised to install the patches for
optimal protection.

WHAT ARE THE VULNERABILITIES?

CVE-2023-6397

A null pointer dereference vulnerability in some firewall versions could allow a
LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a
crafted RAR compressed file onto a LAN-side host if the firewall has the
“Anti-Malware” feature enabled.

CVE-2023-6398

A post-authentication command injection vulnerability in the file upload binary
in some firewall and AP versions could allow an authenticated attacker with
administrator privileges to execute some operating system (OS) commands on an
affected device via FTP.

CVE-2023-6399

A format string vulnerability in some firewall versions could allow an
authenticated IPSec VPN user to cause DoS conditions against the “deviceid”
daemon by sending a crafted hostname to an affected device if it has the “Device
Insight” feature enabled.

CVE-2023-6764

A format string vulnerability in a function of the IPSec VPN feature in some
firewall versions could allow an attacker to achieve unauthorized remote code
execution by sending a sequence of specially crafted payloads containing an
invalid pointer; however, such an attack would require detailed knowledge of an
affected device’s memory layout and configuration.

WHAT VERSIONS ARE VULNERABLE—AND WHAT SHOULD YOU DO?

After a thorough investigation, we have identified the vulnerable products that
are within their vulnerability support period and released updates to address
the vulnerabilities, as shown in the following tables.


Table 1. Firewalls affected by CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, and
CVE-2023-6764

| Firewall series | Affected version: CVE-2023-6397 | Affected version: CVE-2023-6398 | Affected version: CVE-2023-6399 | Affected version: CVE-2023-6764 | Patch availability |
|---|---|---|---|---|---|
| ATP | ZLD V4.32 to V5.37 Patch 1 | ZLD V4.32 to V5.37 Patch 1 | ZLD V5.10 to V5.37 Patch 1 | ZLD V4.32 to V5.37 Patch 1 | ZLD V5.37 Patch 2 |
| USG FLEX | ZLD V4.50 to V5.37 Patch 1 | ZLD V4.50 to V5.37 Patch 1 | ZLD V5.10 to V5.37 Patch 1 | ZLD V4.50 to V5.37 Patch 1 | ZLD V5.37 Patch 2 |
| USG FLEX 50(W)/USG20(W)-VPN | Not affected | ZLD V4.16 to V5.37 Patch 1 | ZLD V5.10 to V5.37 Patch 1 | ZLD V4.16 to V5.37 Patch 1 | ZLD V5.37 Patch 2 |
| USG FLEX H | Not affected | uOS V1.10 to V1.10 Patch 1 | uOS V1.10 to V1.10 Patch 1 | Not affected | Hotfix is available*; standard patch uOS V1.20 in April 2024 |


Table 2. APs affected by CVE-2023-6398

| AP model | Affected version | Patch availability |
|---|---|---|
| NWA50AX | 6.29(ABYW.3) and earlier | 6.29(ABYW.4) |
| NWA55AXE | 6.29(ABZL.3) and earlier | 6.29(ABZL.4) |
| NWA90AX | 6.29(ACCV.3) and earlier | 6.29(ACCV.4) |
| NWA110AX | 6.65(ABTG.1) and earlier | 6.70(ABTG.2) |
| NWA210AX | 6.65(ABTD.1) and earlier | 6.70(ABTD.2) |
| NWA220AX-6E | 6.65(ACCO.1) and earlier | 6.70(ACCO.1) |
| NWA1123ACv3 | 6.65(ABVT.1) and earlier | 6.70(ABVT.1) |
| WAC500 | 6.65(ABVS.1) and earlier | 6.70(ABVS.1) |
| WAC500H | 6.65(ABWA.1) and earlier | 6.70(ABWA.1) |
| WAX300H | 6.60(ACHF.1) and earlier | 6.70(ACHF.1) |
| WAX510D | 6.65(ABTF.1) and earlier | 6.70(ABTF.2) |
| WAX610D | 6.65(ABTE.1) and earlier | 6.70(ABTE.2) |
| WAX620D-6E | 6.65(ACCN.1) and earlier | 6.70(ACCN.1) |
| WAX630S | 6.65(ABZD.1) and earlier | 6.70(ABZD.2) |
| WAX640S-6E | 6.65(ACCM.1) and earlier | 6.70(ACCM.1) |
| WAX650S | 6.65(ABRM.1) and earlier | 6.70(ABRM.2) |
| WAX655E | 6.65(ACDO.1) and earlier | 6.70(ACDO.1) |
| WBE660S | 6.65(ACGG.1) and earlier | 6.70(ACGG.2) |
| NWA50AX-PRO | 6.65(ACGE.1) and earlier | Hotfix is available upon request*; standard patch 6.80(ACGE.0) in July 2024 |
| NWA90AX-PRO | 6.65(ACGF.1) and earlier | Hotfix is available upon request*; standard patch 6.80(ACGF.0) in July 2024 |

*Please reach out to your local Zyxel support team for the file.

GOT A QUESTION?

Please contact your local service rep or visit Zyxel’s Community for further
information or assistance.

ACKNOWLEDGMENT

Thanks to Lays and atdog from TRAPA Security for reporting the issues to us.

REVISION HISTORY

2024-2-20: Initial release
2024-2-21: Updated the affected model list and patch availability

