cancel
Showing results for 
Search instead for 
Did you mean: 

Zyxel Vulnerabilities - NR5103E affected

crypt0ninja
Established

Hi all,

Just come across the following Zyxel page that's been updated recently, with mention of some vulnerabilities with their hardware:

https://community.zyxel.com/en/discussion/15553/zyxel-security-advisory-for-command-injection-buffer...

The NR5103E is listed as being affected by one of the vulnerabilities in the list and says this for the NR5103E:

"Hotfix available now
Standard firmware V1.00(ACDJ.0)C0 in Apr. 2023"

I see our current firmware version is 'V1.00(ACBJ.0)b12', and as far as I'm aware, when it comes to Zyxel the 'B' firmware's are beta firmware's and 'C' firmware's are stable/non-beta, so I can only assume that the firmware we are on is older (and beta) than the one listed above and as such is likely affected by the mentioned vulnerability.

Little confused that they say 'Hotfix available now' but then next to the firmware version it says 'Apr. 2023'...not sure if that's just a typo or something but it does look like they have fixed this and released a hotfix/updated firmware for the NR5103E.

Can you confirm you are aware of this and looking to push the firmware update out to us?

FYI @JonathanB as this may be great time to enable the cell locking options for us at the same time 😜

Best solution
Best solution
JonathanB
Community Moderator
Community Moderator

Hey @crypt0ninja,

Thanks for flagging this up. I've checked in with my contacts and been advised that the current B12 firmware includes the required resolutions to address the vulnerabilities mentioned, so all Three supplied NR5103E are already covered.

Thanks,
Jonathan



Mod tip! The author of a post can hit 'Accept as Solution', to highlight a reply that helped solved their query.


View solution in conversation

2 REPLIES 2
Best solution
JonathanB
Community Moderator
Community Moderator

Hey @crypt0ninja,

Thanks for flagging this up. I've checked in with my contacts and been advised that the current B12 firmware includes the required resolutions to address the vulnerabilities mentioned, so all Three supplied NR5103E are already covered.

Thanks,
Jonathan



Mod tip! The author of a post can hit 'Accept as Solution', to highlight a reply that helped solved their query.


crypt0ninja
Established

Appreciate the confirmation! 🙂