Skip to main content

Security researchers disclosed four new critical flaws in Zyxel Products including AP, API Controller, and Firewall Devices. These flaws let attackers to carryout cross-site scripting, command injection, and an authentication bypass vulnerabilities on the affected Zyxel products. This post is going to be important for those who use Zyxel’s AP, API Controller, and Firewall products on their network. In this post we are going to see about the four flaws found in Zyxel products, Product’s with version information affected by these vulnerabilities, and most importantly, how to fix these critical flaws found in Zyxel products.

Summary Of The Critical Flaws Found In Zyxel Products:

Here is the list of four flaws found in Zyxel products.


A cross-site scripting vulnerability was identified in the CGI program of some firewall versions that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.


Multiple improper input validation flaws were identified in some CLI commands of some firewall, AP controller, and AP versions that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.


command injection vulnerability in the “packet-trace” CLI command of some firewall, AP controller, and AP versions could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the command.


An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.

Zyxel Products And Its Versions Affected By These Flaws:

As per the security advisory published by Zyxel, multiple products and versions are affected by these vulnerabilities.

Product TypeProductCVE-2022-0734CVE-2022-26531CVE-2022-26532CVE-2022-0910
FirewallUSG/ZyWALLZLD V4.35~V4.70ZLD V4.09~V4.71ZLD V4.09~V4.71ZLD V4.32~V4.71
FirewallUSG FLEXZLD V4.50~V5.20ZLD V4.50~V5.21ZLD V4.50~V5.21ZLD V4.50~V5.21
FirewallATPZLD V4.35~V5.20ZLD V4.32~V5.21ZLD V4.32~V5.21ZLD V4.32~V5.21
FirewallVPNZLD V4.35~V5.20ZLD V4.30~V5.21ZLD V4.30~V5.21ZLD V4.32~V5.21
FirewallNSGNot affectedV1.00~V1.33 Patch 4V1.00~V1.33 Patch 4Not affected
AccessPoint controllersNXC2500Not affected6.10(AAIG.3) and earlier6.10(AAIG.3) and earlierNot affected
AccessPoint controllersNXC5500Not affected6.10(AAOS.3) and earlier6.10(AAOS.3) and earlierNot affected
AccessPointNAP203Not affected6.25(ABFA.7) and earlier6.25(ABFA.7) and earlierNot affected
AccessPointNAP303Not affected6.25(ABEX.7) and earlier6.25(ABEX.7) and earlierNot affected
AccessPointNAP353Not affected6.25(ABEY.7) and earlier6.25(ABEY.7) and earlierNot affected
AccessPointNWA50AXNot affected6.25(ABYW.5) and earlier6.25(ABYW.5) and earlierNot affected
AccessPointNWA55AXENot affected6.25(ABZL.5) and earlier6.25(ABZL.5) and earlierNot affected
AccessPointNWA90AXNot affected6.27(ACCV.2) and earlier6.27(ACCV.2) and earlierNot affected
AccessPointNWA110AXNot affected6.30(ABTG.2) and earlier6.30(ABTG.2) and earlierNot affected
AccessPointNWA210AXNot affected6.30(ABTD.2) and earlier6.30(ABTD.2) and earlierNot affected
AccessPointNWA1123-AC-HDNot affected6.25(ABIN.6) and earlier6.25(ABIN.6) and earlierNot affected
AccessPointNWA1123-AC-PRONot affected6.25(ABHD.7) and earlier6.25(ABHD.7) and earlierNot affected
AccessPointNWA1123ACv3Not affected6.30(ABVT.2) and earlier6.30(ABVT.2) and earlierNot affected
AccessPointNWA1302-ACNot affected6.25(ABKU.6) and earlier6.25(ABKU.6) and earlierNot affected
AccessPointNWA5123-AC-HDNot affected6.25(ABIM.6) and earlier6.25(ABIM.6) and earlierNot affected
AccessPointWAC500HNot affected6.30(ABWA.2) and earlier6.30(ABWA.2) and earlierNot affected
AccessPointWAC500Not affected6.30(ABVS.2) and earlier6.30(ABVS.2) and earlierNot affected
AccessPointWAC5302D-SNot affected6.10(ABFH.10) and earlier6.10(ABFH.10) and earlierNot affected
AccessPointWAC5302D-Sv2Not affected6.25(ABVZ.6) and earlier6.25(ABVZ.6) and earlierNot affected
AccessPointWAC6103D-INot affected6.25(AAXH.7) and earlier6.25(AAXH.7) and earlierNot affected
AccessPointWAC6303D-SNot affected6.25(ABGL.6) and earlier6.25(ABGL.6) and earlierNot affected
AccessPointWAC6502D-ENot affected6.25(AASD.7) and earlier6.25(AASD.7) and earlierNot affected
AccessPointWAC6502D-SNot affected6.25(AASE.7) and earlier6.25(AASE.7) and earlierNot affected
AccessPointWAC6503D-SNot affected6.25(AASF.7) and earlier6.25(AASF.7) and earlierNot affected
AccessPointWAC6553D-ENot affected6.25(AASG.7) and earlier6.25(AASG.7) and earlierNot affected
AccessPointWAC6552D-SNot affected6.25(ABIO.7) and earlier6.25(ABIO.7) and earlierNot affected
AccessPointWAX510DNot affected6.30(ABTF.2) and earlier6.30(ABTF.2) and earlierNot affected
AccessPointWAX610DNot affected6.30(ABTE.2) and earlier6.30(ABTE.2) and earlierNot affected
AccessPointWAX630SNot affected6.30(ABZD.2) and earlier6.30(ABZD.2) and earlierNot affected
AccessPointWAX650SNot affected6.30(ABRM.2) and earlier6.30(ABRM.2) and earlierNot affected

How To Fix the Critical Flaws Found in Zyxel Products?

Zyxel has released software updates for firewalls and AP devices, However, the vendor has released hotfixes for AP controllers affected by CVE-2022-26531 and CVE-2022-26532. Note: The hotfixes can only be obtained by contacting the Zyxel support. Please contact the support for AP Controller updates.

See Also Two Zero-Day Unpatched Vulnerabilities in TP-Link Routers

Please reefer this table below to see the patched versions.

Product TypeProductPatched Versions
FirewallUSG/ZyWALLZLD V4.72
FirewallUSG FLEXZLD V5.30
FirewallATPZLD V5.30
FirewallVPNZLD V5.30
FirewallNSGV1.33 Patch 5*
AccessPoint controllersNXC2500Hotfix by request**
AccessPoint controllersNXC5500Hotfix by request**
AccessPointWAC5302D-SHotfix by request**

Leave a Reply