Your browser either does not support JavaScript or you have turned JavaScript off.

Zyxel statement for the TR-064 protocol implementation in CPEs

The issue

TR-064 LAN-side CPE configuration bound to the TR-069 CPE WAN Management Protocol (CWMP) interface through TCP port 7547. With malicious practice in place, unauthorized users could access or alter the device’s LAN configuration from the WAN-side using TR-064 protocol.

Zyxel is aware of the issue and assures customers that we are handling the issue with top priority. We have conducted a thorough investigation and found that the root cause of this issue lies with the Econet/Linux and LiNOS platforms. Zyxel has identified the susceptible models, as listed here.


The solution

Will be implemented to discard TR-064 packets from the WAN side to keep the devices protected.

For users whose devices not supplied by a Service Provider, Zyxel recommends you upgrade to the latest available firmware available on Zyxel Support Center for maximum protection.


As a good security practice, Zyxel also strongly recommends all users take the following steps to maximize protection against cyber threats:

1. Change device administration password as well as the Wi-Fi SSID/password

2. Increase password strength. Long and complex passwords are harder to crack



A step-by-step guide and video are available here. If you have any issues with the procedures, please contact us at routersupport@zyxel.com.tw

Please contact your local service or sales representatives if you require any further assistance.