Zyxel security advisory for buffer overflow vulnerability in Realtek eCos SDK

CVE: CVE-2022-27255

Summary

Zyxel is aware of a buffer overflow vulnerability in some versions of Realtek’s Software Development Kit (SDK) and assures customers that Zyxel products are NOT affected.

What is the vulnerability?

A stack-based buffer overflow vulnerability was found in the SIP ALG module in some versions of Realtek’s eCos SDK. This could allow a remote unauthenticated attacker to trigger a buffer overflow and then cause a crash or achieve arbitrary code execution via a crafted SIP packet containing malicious SDP data.

What versions are vulnerable—and what should you do?

After a thorough investigation, we can confirm that Zyxel products are NOT affected, because they either do not use a vulnerable SDK version or do not adopt the vulnerable SIP ALG module.

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Revision history

2022-08-18: Initial release

Security

Networking

Service and License

Home Connectivity

Success Stories

Organization Sizes

Use Cases

Technologies

What’s New?

Support

Training

Buy Online

Locate Partners

Select Your Location

Africa

Asia

Central America

Europe

Middle East

North America

Oceania

South America

Zyxel security advisory for buffer overflow vulnerability in Realtek eCos SDK

Have a question?