Your browser either does not support JavaScript or you have turned JavaScript off.

Zyxel statement regarding unauthenticated remote command execution vulnerability

The issue

A recent report from SecuriTeam found that two Zyxel customized routers supplied to a service provider are vulnerable to command injections via the web interface. This could potentially allow unauthorized users to execute additional commands.

The solution

Zyxel was recently made aware of the issue and we would like to assure our customers that we have made its resolution a top priority. Following a thorough investigation, we are now in the process of providing a patch for the susceptible models listed in Table 1.

Meanwhile, Zyxel is supplying the service provider with a fix that they will be able to deploy the solution to its customers.


Table 1. Susceptible models
Model (customized version only) Patch plan
P-660HN-T1A Available January 13, 2017
P-660HN-T1A v2 Available January 6, 2017

Please contact your local service or sales representatives if you require any further assistance. To report security vulnerabilities, contact: security@zyxel.com.tw