Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU53154
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24586
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the 802.11 standard due to the affected device does not clear its cache/memory to remove fragments of an incomplete MSDU/MMPDU from previous session after reconnection/reassociation. A remote attacker on the local network can perform a fragment cache attack and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWAH7706: All versions
LTE4506-M606: All versions
USG60W: All versions
USG40W: All versions
WX3310-B0: before 1.00(ABSF.2)C0
WRE6605: All versions
WRE6602: All versions
WRE6505 v2: All versions
WRE2206: All versions
WAP6806: All versions
WAP6804: All versions
WAP3205 v3: All versions
NWD6605: All versions
NWD6602: All versions
NWD6505: All versions
NBG7815 (Armor G5): All versions
NBG6818 (Armor G1): All versions
NBG6817 (Armor Z2): All versions
NBG6615: All versions
NBG6604: All versions
NBG6515: All versions
NBG-418N v2: All versions
WSR30 (Multy U): All versions
WSQ60 (Multy Plus): All versions
WSQ50 (Multy X): All versions
WSQ20 (Multy Mini): All versions
AX7501-B0: All versions
WAH7608: All versions
WAH7601: All versions
LTE5388-M804: All versions
LTE5366: All versions
LTE3316-M604(v2): All versions
LTE3316-M604(v1): All versions
LTE3302-M432: All versions
LTE3301-PLUS: All versions
LTE3301-M209: All versions
LTE3202-M437: All versions
LTE3202-M430: All versions
LTE2566: All versions
PMG5705-T10A: All versions
P-660HN-51: All versions
EMG3425-Q10A: All versions
USG20W-VPN: All versions
USG FLEX 100W: All versions
ATP100W: All versions
WAX650S: All versions
WAX610D: All versions
WAX510D: All versions
WAC6553D-E: All versions
WAC6552D-S: All versions
WAC6503D-S: All versions
WAC6502D-S: All versions
WAC6502D-E: All versions
WAC6103D-I: All versions
WAC500H: All versions
WAC500: All versions
NWA5123-AC: All versions
NWA210AX: All versions
NWA1302-AC: All versions
NWA1123ACv3: All versions
NWA1123-ACv2: All versions
NWA1123AC PRO: All versions
NWA110AX: All versions
NR7101: before 1.00(ABUV.4)C0
NR5101: before 1.00(ABVC.3)C0
NR2101: before 1.00(ABUS.5)C0
LTE7490-M904: before 1.00(ABQY.3)C0
LTE7485-S905: before 1.00(ABVN.5)C0
LTE7480-S905: before 2.00(ABQT.5)C0
LTE7480-M804: before 1.00(ABRA.3)C0
LTE7461-M602: before 2.00(ABQN.4)C0
LTE7240-M403: before 2.00(ABMG.4)C0
LTE5388-S905: before 1.00(ABVI.5)C0
PMG5622GA: before 5.40(ABNB.2)
PMG5617GA: before 5.40(ABNA.2)
PMG5317-T20B: before 5.40(ABKI.4)
XMG8825-B50A: before 5.17(ABMT.6)C0
XMG3927-B50A: before 5.17(ABMT.6)C0
VMG9827-B50A: before 5.13(ABLY.6)C0
VMG8825-T50K: before 5.50(ABOM.7)C0
VMG8825-Bx0B: before 5.17(ABNY.7)C0
VMG8825-B50A_B60A: before 5.17(ABMT.6)C0
VMG8623-T50B: before 5.50(ABPM.6)C0
VMG3927-T50K: before 5.50(ABOM.7)C0
VMG3927-B50B: before 5.13(ABLY.6)C0
VMG3927-B50A_B60A: before 5.17(ABMT.6)C0
VMG3625-T50B: before 5.50(ABPM.6)C0
VMG1312-T20B: before 5.50(ABSB.5)C0
EX5510-B0: before 5.15(ABQX.5)C0
EX5501-B0: before 5.17(ABRY.2)C0
EMG8726-B50A: before 5.13(ABNP.6)C0
EMG6726-B10A: before 5.13(ABNP.6)C0
EMG5723-T50K: before 5.50(ABOM.7)C0
EMG5523-T50B: before 5.50(ABSL.0)C0
EMG1702-T10A: before 1.00(ABNZ.1)C0
DX4510-B0: before 5.17(ABYL.0)C0
EMG3525-T50B: before 5.50(ABSL.0)C0
EMG3524-T10A: before 5.41(ABXU.1)C0
WAC6303D-S: before 6.25(ABGL.0)
WAC5302D-Sv2: before 6.25(ABVZ.0)
WAC5302D-S: before 6.25(ABFH.8)
NWA5123-AC HD: before 6.25(ABIM.0)
NWA1123-AC HD: before 6.25(ABIN.0)
EX3510-B0: before V5.17(ABUP.3)C0
VMG4927-B50A: before V5.13(ABLY.6)C0
External linkshttp://www.zyxel.com/support/Zyxel_security_advisory_for_FragAttacks_against_WiFi_products.shtml
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53096
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24587
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Wireless Networking. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWAH7706: All versions
LTE4506-M606: All versions
USG60W: All versions
USG40W: All versions
WX3310-B0: before 1.00(ABSF.2)C0
WRE6605: All versions
WRE6602: All versions
WRE6505 v2: All versions
WRE2206: All versions
WAP6806: All versions
WAP6804: All versions
WAP3205 v3: All versions
NWD6605: All versions
NWD6602: All versions
NWD6505: All versions
NBG7815 (Armor G5): All versions
NBG6818 (Armor G1): All versions
NBG6817 (Armor Z2): All versions
NBG6615: All versions
NBG6604: All versions
NBG6515: All versions
NBG-418N v2: All versions
WSR30 (Multy U): All versions
WSQ60 (Multy Plus): All versions
WSQ50 (Multy X): All versions
WSQ20 (Multy Mini): All versions
AX7501-B0: All versions
WAH7608: All versions
WAH7601: All versions
LTE5388-M804: All versions
LTE5366: All versions
LTE3316-M604(v2): All versions
LTE3316-M604(v1): All versions
LTE3302-M432: All versions
LTE3301-PLUS: All versions
LTE3301-M209: All versions
LTE3202-M437: All versions
LTE3202-M430: All versions
LTE2566: All versions
PMG5705-T10A: All versions
P-660HN-51: All versions
EMG3425-Q10A: All versions
USG20W-VPN: All versions
USG FLEX 100W: All versions
ATP100W: All versions
WAX650S: All versions
WAX610D: All versions
WAX510D: All versions
WAC6553D-E: All versions
WAC6552D-S: All versions
WAC6503D-S: All versions
WAC6502D-S: All versions
WAC6502D-E: All versions
WAC6103D-I: All versions
WAC500H: All versions
WAC500: All versions
NWA5123-AC: All versions
NWA210AX: All versions
NWA1302-AC: All versions
NWA1123ACv3: All versions
NWA1123-ACv2: All versions
NWA1123AC PRO: All versions
NWA110AX: All versions
NR7101: before 1.00(ABUV.4)C0
NR5101: before 1.00(ABVC.3)C0
NR2101: before 1.00(ABUS.5)C0
LTE7490-M904: before 1.00(ABQY.3)C0
LTE7485-S905: before 1.00(ABVN.5)C0
LTE7480-S905: before 2.00(ABQT.5)C0
LTE7480-M804: before 1.00(ABRA.3)C0
LTE7461-M602: before 2.00(ABQN.4)C0
LTE7240-M403: before 2.00(ABMG.4)C0
LTE5388-S905: before 1.00(ABVI.5)C0
PMG5622GA: before 5.40(ABNB.2)
PMG5617GA: before 5.40(ABNA.2)
PMG5317-T20B: before 5.40(ABKI.4)
XMG8825-B50A: before 5.17(ABMT.6)C0
XMG3927-B50A: before 5.17(ABMT.6)C0
VMG9827-B50A: before 5.13(ABLY.6)C0
VMG8825-T50K: before 5.50(ABOM.7)C0
VMG8825-Bx0B: before 5.17(ABNY.7)C0
VMG8825-B50A_B60A: before 5.17(ABMT.6)C0
VMG8623-T50B: before 5.50(ABPM.6)C0
VMG3927-T50K: before 5.50(ABOM.7)C0
VMG3927-B50B: before 5.13(ABLY.6)C0
VMG3927-B50A_B60A: before 5.17(ABMT.6)C0
VMG3625-T50B: before 5.50(ABPM.6)C0
VMG1312-T20B: before 5.50(ABSB.5)C0
EX5510-B0: before 5.15(ABQX.5)C0
EX5501-B0: before 5.17(ABRY.2)C0
EMG8726-B50A: before 5.13(ABNP.6)C0
EMG6726-B10A: before 5.13(ABNP.6)C0
EMG5723-T50K: before 5.50(ABOM.7)C0
EMG5523-T50B: before 5.50(ABSL.0)C0
EMG1702-T10A: before 1.00(ABNZ.1)C0
DX4510-B0: before 5.17(ABYL.0)C0
EMG3525-T50B: before 5.50(ABSL.0)C0
EMG3524-T10A: before 5.41(ABXU.1)C0
WAC6303D-S: before 6.25(ABGL.0)
WAC5302D-Sv2: before 6.25(ABVZ.0)
WAC5302D-S: before 6.25(ABFH.8)
NWA5123-AC HD: before 6.25(ABIM.0)
NWA1123-AC HD: before 6.25(ABIN.0)
EX3510-B0: before V5.17(ABUP.3)C0
VMG4927-B50A: before V5.13(ABLY.6)C0
External linkshttp://www.zyxel.com/support/Zyxel_security_advisory_for_FragAttacks_against_WiFi_products.shtml
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53098
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24588
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWAH7706: All versions
LTE4506-M606: All versions
USG60W: All versions
USG40W: All versions
WX3310-B0: before 1.00(ABSF.2)C0
WRE6605: All versions
WRE6602: All versions
WRE6505 v2: All versions
WRE2206: All versions
WAP6806: All versions
WAP6804: All versions
WAP3205 v3: All versions
NWD6605: All versions
NWD6602: All versions
NWD6505: All versions
NBG7815 (Armor G5): All versions
NBG6818 (Armor G1): All versions
NBG6817 (Armor Z2): All versions
NBG6615: All versions
NBG6604: All versions
NBG6515: All versions
NBG-418N v2: All versions
WSR30 (Multy U): All versions
WSQ60 (Multy Plus): All versions
WSQ50 (Multy X): All versions
WSQ20 (Multy Mini): All versions
AX7501-B0: All versions
WAH7608: All versions
WAH7601: All versions
LTE5388-M804: All versions
LTE5366: All versions
LTE3316-M604(v2): All versions
LTE3316-M604(v1): All versions
LTE3302-M432: All versions
LTE3301-PLUS: All versions
LTE3301-M209: All versions
LTE3202-M437: All versions
LTE3202-M430: All versions
LTE2566: All versions
PMG5705-T10A: All versions
P-660HN-51: All versions
EMG3425-Q10A: All versions
USG20W-VPN: All versions
USG FLEX 100W: All versions
ATP100W: All versions
WAX650S: All versions
WAX610D: All versions
WAX510D: All versions
WAC6553D-E: All versions
WAC6552D-S: All versions
WAC6503D-S: All versions
WAC6502D-S: All versions
WAC6502D-E: All versions
WAC6103D-I: All versions
WAC500H: All versions
WAC500: All versions
NWA5123-AC: All versions
NWA210AX: All versions
NWA1302-AC: All versions
NWA1123ACv3: All versions
NWA1123-ACv2: All versions
NWA1123AC PRO: All versions
NWA110AX: All versions
NR7101: before 1.00(ABUV.4)C0
NR5101: before 1.00(ABVC.3)C0
NR2101: before 1.00(ABUS.5)C0
LTE7490-M904: before 1.00(ABQY.3)C0
LTE7485-S905: before 1.00(ABVN.5)C0
LTE7480-S905: before 2.00(ABQT.5)C0
LTE7480-M804: before 1.00(ABRA.3)C0
LTE7461-M602: before 2.00(ABQN.4)C0
LTE7240-M403: before 2.00(ABMG.4)C0
LTE5388-S905: before 1.00(ABVI.5)C0
PMG5622GA: before 5.40(ABNB.2)
PMG5617GA: before 5.40(ABNA.2)
PMG5317-T20B: before 5.40(ABKI.4)
XMG8825-B50A: before 5.17(ABMT.6)C0
XMG3927-B50A: before 5.17(ABMT.6)C0
VMG9827-B50A: before 5.13(ABLY.6)C0
VMG8825-T50K: before 5.50(ABOM.7)C0
VMG8825-Bx0B: before 5.17(ABNY.7)C0
VMG8825-B50A_B60A: before 5.17(ABMT.6)C0
VMG8623-T50B: before 5.50(ABPM.6)C0
VMG3927-T50K: before 5.50(ABOM.7)C0
VMG3927-B50B: before 5.13(ABLY.6)C0
VMG3927-B50A_B60A: before 5.17(ABMT.6)C0
VMG3625-T50B: before 5.50(ABPM.6)C0
VMG1312-T20B: before 5.50(ABSB.5)C0
EX5510-B0: before 5.15(ABQX.5)C0
EX5501-B0: before 5.17(ABRY.2)C0
EMG8726-B50A: before 5.13(ABNP.6)C0
EMG6726-B10A: before 5.13(ABNP.6)C0
EMG5723-T50K: before 5.50(ABOM.7)C0
EMG5523-T50B: before 5.50(ABSL.0)C0
EMG1702-T10A: before 1.00(ABNZ.1)C0
DX4510-B0: before 5.17(ABYL.0)C0
EMG3525-T50B: before 5.50(ABSL.0)C0
EMG3524-T10A: before 5.41(ABXU.1)C0
WAC6303D-S: before 6.25(ABGL.0)
WAC5302D-Sv2: before 6.25(ABVZ.0)
WAC5302D-S: before 6.25(ABFH.8)
NWA5123-AC HD: before 6.25(ABIM.0)
NWA1123-AC HD: before 6.25(ABIN.0)
EX3510-B0: before V5.17(ABUP.3)C0
VMG4927-B50A: before V5.13(ABLY.6)C0
External linkshttp://www.zyxel.com/support/Zyxel_security_advisory_for_FragAttacks_against_WiFi_products.shtml
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.