Zyxel Releases Security Update for NBG7510 Home Router

Zyxel releases a security update addressing a DNS misconfiguration vulnerability

Threat ID:: CC-4236
Threat Severity:: Information only
Published:: 22 December 2022 12:02 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Zyxel releases a security update addressing a DNS misconfiguration vulnerability

Affected platforms

The following platforms are known to be affected:

Versions: 1.00 (ABZY.2) C0 and earlier

Zyxel NBG7510

Threat details

Introduction

Zyxel has released a security update to address one vulnerability in NBG7510 home routers, The vulnerability is tracked as CVE-2022-38546 and could allow an unauthenticated attacker to perform DNS-related attacks, such as DNS tunneling or DNS amplification attacks, by using the open DNS resolver when the device is switched to the AP mode.

Remediation advice

Affected organisations are encouraged to review Zyxel's security advisory and apply relevant updates and mitigations.

Definitive source of threat updates

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dns-misconfiguration-in-nbg7510-home-router

CVE Vulnerabilities

Status Published

CVE-2022-38546

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.

Last edited: 22 December 2022 12:02 pm