【Vulnerability Alert】Zyxel has recently released security updates for firewalls and wireless access points. It is recommended that administrators evaluate the updates as soon as possible!
publish date :
2024-03-05
update date :
2024-04-15
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024030508031818 | Publication Time | 2024/03/05 08:32 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/03/05 08:32 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】Zyxel has recently released security updates for firewalls and wireless access points. It is recommended that administrators evaluate the updates as soon as possible! |
|||
[Content] Forwarded from CHTSECURITY-200-202403-00000001 ● CVE-2023-6397: Certain firewall versions have a vulnerability in null pointer dereference. If the firewall has the "anti-malware" feature enabled, it allows attackers on the local area network (LAN) to download specially crafted RAR compressed files to LAN hosts, causing a denial of service (DoS) condition. ● CVE-2023-6398: In certain firewall and access point (AP) versions, there is a command injection vulnerability bypassing authentication for uploading binary files. Authenticated attackers may have administrator privileges and execute some operating system (OS) commands via FTP on the affected devices. Information Sharing Level: WHITE (Information that can be publicly disclosed). |
|||
[Affected Platform] ● Firewalls ● Wireless Access Points |
|||
[Recommended Actions] Please refer to the Zyxe official website for instructions and recommended update versions: https://www.zyxel.com/tw/zh/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-21-2024 |
|||
[Reference] |
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center
Contact Person:
Computer Center Service Counter
Phone:
02-2908-9899
Extension:
2270