Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024030508031818 | Publication Time | 2024/03/05 08:32 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/03/05 08:32 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】Zyxel has recently released security updates for firewalls and wireless access points. It is recommended that administrators evaluate the updates as soon as possible! |
[Content] Forwarded from CHTSECURITY-200-202403-00000001
● CVE-2023-6397: Certain firewall versions have a null pointer dereference vulnerability. If the firewall has the "anti-malware" feature enabled, an attacker on the local area network (LAN) can cause a denial of service (DoS) condition by downloading a specially crafted RAR compressed file to a LAN host.
● CVE-2023-6398: In certain firewall and access point (AP) versions, there is a command injection vulnerability bypassing authentication for uploading binary files. Authenticated attackers may have administrator privileges and execute some operating system (OS) commands via FTP on the affected devices.
Information Sharing Level: WHITE (Information that can be publicly disclosed). |
[Affected Platform] ● Firewalls ● Wireless Access Points |
[Recommended Actions] Please refer to the Zyxel official website for instructions and recommended update versions: https://www.zyxel.com/tw/zh/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-21-2024 |