https://community.three.co.uk/t5/Broadband/Zyxel-Vulnerabilities-NR5103E-affected/m-p/9615#M1308 <P>Hi all,</P><P>Just come across the following Zyxel page that's been updated recently, with mention of some vulnerabilities with their hardware:</P><P><A href="https://community.zyxel.com/en/discussion/15553/zyxel-security-advisory-for-command-injection-buffer-overflow-of-cpe-fiber-onts-wifi-extenders" target="_blank" rel="noopener">https://community.zyxel.com/en/discussion/15553/zyxel-security-advisory-for-command-injection-buffer-overflow-of-cpe-fiber-onts-wifi-extenders</A></P><P>The NR5103E is listed as being affected by one of the vulnerabilities in the list and says this for the NR5103E:</P><P>"<SPAN>Hotfix available now</SPAN><BR /><SPAN>Standard firmware V1.00(ACDJ.0)C0 in Apr. 2023"</SPAN></P><P><SPAN>I see our current firmware version is '</SPAN>V1.00(ACBJ.0)b12', and as far as I'm aware, when it comes to Zyxel the 'B' firmware's are beta firmware's and 'C' firmware's are stable/non-beta, so I can only assume that the firmware we are on is older (and beta) than the one listed above and as such is likely affected by the mentioned vulnerability.</P><P>Little confused that they say 'Hotfix available now' but then next to the firmware version it says 'Apr. 2023'...not sure if that's just a typo or something but it does look like they have fixed this and released a hotfix/updated firmware for the NR5103E.</P><P>Can you confirm you are aware of this and looking to push the firmware update out to us?</P><P>FYI&nbsp;<a href="https://community.three.co.uk/t5/user/viewprofilepage/user-id/6">@JonathanB</a> as this may be great time to enable the cell locking options for us at the same time&nbsp;<span class="lia-unicode-emoji" title=":winking_face_with_tongue:">😜</span></P> Fri, 10 Feb 2023 19:09:29 GMT crypt0ninja 2023-02-10T19:09:29Z https://community.three.co.uk/t5/Broadband/Zyxel-Vulnerabilities-NR5103E-affected/m-p/9615#M1308 <P>Hi all,</P><P>Just come across the following Zyxel page that's been updated recently, with mention of some vulnerabilities with their hardware:</P><P><A href="https://community.zyxel.com/en/discussion/15553/zyxel-security-advisory-for-command-injection-buffer-overflow-of-cpe-fiber-onts-wifi-extenders" target="_blank" rel="noopener">https://community.zyxel.com/en/discussion/15553/zyxel-security-advisory-for-command-injection-buffer-overflow-of-cpe-fiber-onts-wifi-extenders</A></P><P>The NR5103E is listed as being affected by one of the vulnerabilities in the list and says this for the NR5103E:</P><P>"<SPAN>Hotfix available now</SPAN><BR /><SPAN>Standard firmware V1.00(ACDJ.0)C0 in Apr. 2023"</SPAN></P><P><SPAN>I see our current firmware version is '</SPAN>V1.00(ACBJ.0)b12', and as far as I'm aware, when it comes to Zyxel the 'B' firmware's are beta firmware's and 'C' firmware's are stable/non-beta, so I can only assume that the firmware we are on is older (and beta) than the one listed above and as such is likely affected by the mentioned vulnerability.</P><P>Little confused that they say 'Hotfix available now' but then next to the firmware version it says 'Apr. 2023'...not sure if that's just a typo or something but it does look like they have fixed this and released a hotfix/updated firmware for the NR5103E.</P><P>Can you confirm you are aware of this and looking to push the firmware update out to us?</P><P>FYI&nbsp;<a href="https://community.three.co.uk/t5/user/viewprofilepage/user-id/6">@JonathanB</a> as this may be great time to enable the cell locking options for us at the same time&nbsp;<span class="lia-unicode-emoji" title=":winking_face_with_tongue:">😜</span></P> Fri, 10 Feb 2023 19:09:29 GMT https://community.three.co.uk/t5/Broadband/Zyxel-Vulnerabilities-NR5103E-affected/m-p/9615#M1308 crypt0ninja 2023-02-10T19:09:29Z https://community.three.co.uk/t5/Broadband/Zyxel-Vulnerabilities-NR5103E-affected/m-p/9720#M1348 <P>Hey&nbsp;<a href="https://community.three.co.uk/t5/user/viewprofilepage/user-id/4292">@crypt0ninja</a>,</P> <P>Thanks for flagging this up. I've checked in with my contacts and been advised that the current B12 firmware includes the required resolutions to address the vulnerabilities mentioned, so all Three supplied NR5103E are already covered.</P> <P>Thanks,<BR />Jonathan</P> Tue, 14 Feb 2023 11:46:41 GMT https://community.three.co.uk/t5/Broadband/Zyxel-Vulnerabilities-NR5103E-affected/m-p/9720#M1348 JonathanB 2023-02-14T11:46:41Z https://community.three.co.uk/t5/Broadband/Zyxel-Vulnerabilities-NR5103E-affected/m-p/9721#M1349 <P>Appreciate the confirmation! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 14 Feb 2023 12:08:37 GMT https://community.three.co.uk/t5/Broadband/Zyxel-Vulnerabilities-NR5103E-affected/m-p/9721#M1349 crypt0ninja 2023-02-14T12:08:37Z