Remote code execution in Zyxel routers
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Input validation error
EUVDB-ID: #VU49097
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing HTTP requests in zhttpd webserver. A remote attacker can send specially crafted HTTP request to the affected device and execute arbitrary code on the system.
Successful exploitation of the vulnerability will result in a complete compromise of the router.
Install updates from vendor's website.
Note, some of the firmware updates are scheduled to be released during 2021.
EMG3525-T50B: before V5.50(ABSL.0)b8
EMG5523-T50B: before V5.50(ABSL.0)b8
EMG5723-T50K: before V5.50(ABOM.5)C0
EMG6726-B10A: before V5.13 (ABNP.6).C0
EX3510-B0: before V5.17(ABUP.3)C0
EX5510-B0: before V5.15(ABQX.3)C0
VMG3625-T50B: before V5.50(ABPM.4)C0
VMG3925-B10B/B10C: before V5.13(AAVF.16)C0
VMG3927-B50A_B60A: before V5.15(ABMT.5)C0
VMG3927-B50B: before V5.13(ABLY.6)C0
VMG3927-T50K: before V5.50(ABOM.5)C0
VMG4005-B50B: before V5.13(ABRL.5)C0
VMG4927-B50A: before V5.13(ABLY.6)C0
VMG8623-T50B: before V5.50(ABPM.4)C0
VMG8825-B50A_B60A: before V5.15(ABMT.5)C0
VMG8825-Bx0B: before V5.15(ABNY.5)C0
VMG8825-T50K: before V5.50(ABOM.5)C0
VMG8924-B10D: before V5.13(ABGQ.6)C0
XMG3927-B50A: before V5.15(ABMT.5)C0
XMG8825-B50A: before V5.15(ABMT.5)C0
VMG1312-T20B: before V5.50(ABSB.3)C0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
