May 2023 Security Updates and Bug Resolutions

 

ZBT Addresses Vulnerabilities in Firmware


ZBT has recently published a comprehensive list of vulnerabilities and CVEs that have been resolved in its firmware and cloud products. While ZBT offers a suite of features and tools, vigilance against potential security threats is paramount to safeguard your data. Users are strongly encouraged to update their firmware to version 3.216 or higher to mitigate these risks.

If you identify any vulnerabilities or bugs in ZBT products, we welcome your feedback at support@zbt.com. We adhere to a 90-day vulnerability disclosure policy to ensure your concerns are addressed promptly.

 

Vulnerabilities Summary


CVE-2023-31471
Summary: Command Injection in network tools of router firmware permits the installation of arbitrary software.
Affected Software: Firmware 3.215 and earlier
Action Required: Upgrade to firmware 3.216 or above
Credits: Simone Onofri, Luca Napolitano

CVE-2023-31472
Summary: Command Injection in network tools of router firmware enables the creation of arbitrary files.
Affected Software: Firmware 3.215 and earlier
Action Required: Upgrade to firmware 3.216 or above
Credits: Legoclones

CVE-2023-31473
Summary: Command Injection in network tools of router firmware allows arbitrary files to be read.
Affected Software: Firmware 3.215 and earlier
Action Required: Upgrade to firmware 3.216 or above
Credits: Simone Onofri, Luca Napolitano

CVE-2023-31474
Summary: Command Injection in network tools of router firmware permits browsing of any directory.
Affected Software: Firmware 3.215 and earlier
Action Required: Upgrade to firmware 3.216 or above
Credits: Simone Onofri, Luca Napolitano

CVE-2023-31475
Summary: Command Injection in network tools of router firmware causes a buffer overflow.
Affected Software: Firmware 3.215 and earlier
Action Required: Upgrade to firmware 3.216 or above
Credits: Legoclones

CVE-2023-31476
Summary: Command Injection in MV1000 router firmware allows the creation of arbitrary files.
Affected Software: Firmware 3.215 and earlier
Action Required: Upgrade to firmware 3.216 or above
Credits: Legoclones

CVE-2023-31477
Summary: Command Injection in network tools of router firmware enables sharing of any directory.
Affected Software: Firmware 3.215 and earlier
Action Required: Upgrade to firmware 3.216 or above
Credits: Simone Onofri, Luca Napolitano

 

CVE-2023-31478
Summary: Command Injection in network tools of router firmware leaks the SSID Key.
Affected Software: Firmware 3.215 and earlier
Action Required: Upgrade to firmware 3.216 or above
Credits: Legoclones

 

 

About ZBT


ZBT specializes in developing network hardware and software solutions that provide secure and affordable connectivity for families and businesses globally. We cater to diverse industries, addressing common internet challenges while delivering sophisticated networking solutions for smart buildings and IoT networks. At ZBT, our commitment to enhancing network security and reliability is fundamental to supporting successful partnerships.

RELATED ARTICLES
ZBT Introduces the Marble (ZBT-B3000): A Next-Gen Wi-Fi 6 Router for Modern Living
Understanding OpenRoaming: Its Functionality and Significance for Frequent Travelers
Introducing a Two-Year Warranty on All ZBT Routers
Proactive Strategies to Shield ZBT Users from BSSID-Based Location Tracking
Your Guide to Choosing the Ideal ZBT Travel Router
Announcement of End-of-Life for ZBT-SF1200
Introducing ZBT's Enhanced Firmware Download Center
ZBT Introduces Aesthetic Wi-Fi 6 OpenWrt Router for Home Use