Security Vulnerabilities and Bug Fixes


ZBT is announcing a series of vulnerability resolutions and CVE patches across our firmware and cloud products. Please note that CVEs originating from OpenWRT are not included in this disclosure.

In some instances, a CVE ID may be reserved while the vulnerability details remain confidential until a substantial number of users have updated their systems. This measure is taken to mitigate the risk of malicious exploitation.

If you would like to report a vulnerability or bug, please reach out to support@zbt.com. Our vulnerability disclosure policy allows for a 90-day window for fixes and updates.

Vulnerability Summaries

CVE-2022-31898

Issue: Command injection in the network tools of the router firmware enables unauthorized alteration of router settings.
Affected Software: Firmware version 3.212 and earlier
Acknowledgment: Olivier Boschko Laflamme
Action: Users are strongly urged to upgrade to firmware version 3.215 or later.

CVE-2022-42054

Issue: Cross-site scripting (XSS) in company name and description fields in ZBTCloud allows attackers to obtain user rights.
Affected Software: ZBTCloud version 1.0 and earlier
Acknowledgment: Olivier Boschko Laflamme

CVE-2022-42055

Issue: Command injection vulnerability in ZBTCloud allows attackers to gain control over user routers.
Affected Software: Firmware version 3.212 and earlier, ZBTCloud version 1.0 and earlier
Acknowledgment: Olivier Boschko Laflamme

CVE-2022-44211

Issue: Insecure design in ZBTCloud permits attackers to gain control over user devices using the Cloud ID.
Affected Software: ZBTCloud version 1.0 and earlier
Acknowledgment: Goutham Rukmasah and Kushal Arvind Shah of Fortinet’s FortiGuard Labs

CVE-2022-44212

Issue: Insecure architecture in ZBTCloud grants remote access to user devices through the device ID.
Affected Software: ZBTCloud version 1.0 and earlier
Acknowledgment: Goutham Rukmasah and Kushal Arvind Shah of Fortinet’s FortiGuard Labs

About ZBT

ZBT specializes in the design, development, and manufacturing of advanced networking hardware and software solutions, delivering secure and affordable connectivity for businesses and homes worldwide. We provide tailored solutions across various industries, addressing everyday internet challenges while offering cutting-edge networking infrastructures, including smart buildings and IoT systems. At ZBT, we prioritize uncompromising security and network reliability to ensure long-term success for our partners.
