#VU49097 Input validation error in ZyXEL Communications Corp. products

Vulnerability identifier: #VU49097

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: N/A

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
EMG3525-T50B
Hardware solutions / Routers for home users
EMG5523-T50B
Hardware solutions / Routers for home users
EMG5723-T50K
Hardware solutions / Routers for home users
EMG6726-B10A
Hardware solutions / Routers for home users
EX3510-B0
Hardware solutions / Routers for home users
EX5510-B0
Hardware solutions / Routers for home users
VMG3625-T50B
Hardware solutions / Routers for home users
VMG3925-B10B/B10C
Hardware solutions / Routers for home users
VMG3927-B50A_B60A
Hardware solutions / Routers for home users
VMG3927-B50B
Hardware solutions / Routers for home users
VMG3927-T50K
Hardware solutions / Routers for home users
VMG4005-B50B
Hardware solutions / Routers for home users
VMG4927-B50A
Hardware solutions / Routers for home users
VMG8623-T50B
Hardware solutions / Routers for home users
VMG8825-B50A_B60A
Hardware solutions / Routers for home users
VMG8825-Bx0B
Hardware solutions / Routers for home users
VMG8825-T50K
Hardware solutions / Routers for home users
VMG8924-B10D
Hardware solutions / Routers for home users
XMG3927-B50A
Hardware solutions / Routers for home users
XMG8825-B50A
Hardware solutions / Routers for home users
VMG1312-T20B
Hardware solutions / Routers for home users

Vendor: ZyXEL Communications Corp.

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing HTTP requests in zhttpd webserver. A remote attacker can send specially crafted HTTP request to the affected device and execute arbitrary code on the system.

Successful exploitation of the vulnerability will result in a complete compromise of the router.

Mitigation

Install updates from vendor's website.

Note, some of the firmware updates are scheduled to be released during 2021.

Vulnerable software versions

EMG3525-T50B: before V5.50(ABSL.0)b8

EMG5523-T50B: before V5.50(ABSL.0)b8

EMG5723-T50K: before V5.50(ABOM.5)C0

EMG6726-B10A: before V5.13 (ABNP.6).C0

EX3510-B0: before V5.17(ABUP.3)C0

EX5510-B0: before V5.15(ABQX.3)C0

VMG3625-T50B: before V5.50(ABPM.4)C0

VMG3925-B10B/B10C: before V5.13(AAVF.16)C0

VMG3927-B50A_B60A: before V5.15(ABMT.5)C0

VMG3927-B50B: before V5.13(ABLY.6)C0

VMG3927-T50K: before V5.50(ABOM.5)C0

VMG4005-B50B: before V5.13(ABRL.5)C0

VMG4927-B50A: before V5.13(ABLY.6)C0

VMG8623-T50B: before V5.50(ABPM.4)C0

VMG8825-B50A_B60A: before V5.15(ABMT.5)C0

VMG8825-Bx0B: before V5.15(ABNY.5)C0

VMG8825-T50K: before V5.50(ABOM.5)C0

VMG8924-B10D: before V5.13(ABGQ.6)C0

XMG3927-B50A: before V5.15(ABMT.5)C0

XMG8825-B50A: before V5.15(ABMT.5)C0

VMG1312-T20B: before V5.50(ABSB.3)C0

---

External links
https://www.zyxel.com/support/Zyxel-security-advisory-for-remote-code-execution-and-denial-of-service-vulnerabilities-of-CPE.shtml

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.