ZyXEL Helps You Guard Against “Misfortune Cookie” Vulnerability

A new vulnerability that allows intruders to remotely manipulate client-premise devices (CPEs) with administrative privileges was disclosed by Check Point Software Technologies in December. It is identified as CVE-2014-9222 and CVE-2014-9223 and is also known as the “Misfortune Cookie” vulnerability. It presents a security weakness in residential CPEs and the devices connected to them, allowing potential exploitation such as data theft or malware infection.

ZyXEL is well aware of the vulnerability and assures our customers that only a limited number of the ZyXEL models mentioned are affected; firmware updates for them will be released as shown in the table below. Of the ZyXEL models mentioned, several have already been given additional protection with a new firmware update, while the great majority currently have “end-of-life” status.

Below is a list of current ZyXEL models on the market and the relevance of the newly discovered vulnerability to each. We recommend that customers update their product firmware to the latest version to stay protected against all types of potential Internet intrusions and attacks.

Please contact your local sales/service representatives if you require any assistance.

Product          Model Name       Level of relevance
Gateway/Router   P-660H-D1        Not affected
                 P-660H-T1 v3s    Affected. Firmware update available on Jan. 13
                 P-660H-T3 v3s    Affected. Firmware update available on Jan. 13
                 P-660HW-D1       Not affected
                 AMG1001-T10A     Affected. Firmware update available on Jan. 13
                 P-660R-D1        Not affected
                 P-660R-T1 v3s    Affected. Firmware update available on Jan. 13
                 P-660R-T3 v3s    Affected. Firmware update available on Jan. 13
                 P-660RU-T1 v3s   Affected. Firmware update available on Jan. 13
                 P-660RU-T3 v3s   Affected. Firmware update available on Jan. 13
MSAN             IES1248-51       Affected. Firmware update available on Jan. 13

End-of-life products

Product          Model Name                   Status
Modem            OMNI ADSL LAN EE (Annex A)   End-of-life
Gateway/Router   P202H DSS1                   End-of-life
                 P653HWI-11                   End-of-life
                 P653HWI-13                   End-of-life
                 P-660R-T1                    End-of-life
                 P-660R-T1 v3                 End-of-life
                 P-660R-T3 v3                 End-of-life
                 P-660RU-T1                   End-of-life
                 P-660RU-T1 v3                End-of-life
                 Prestige 623ME-T1            End-of-life
                 Prestige 623ME-T3            End-of-life
                 Prestige 623R-A1             End-of-life
                 Prestige 623R-T1             End-of-life
                 Prestige 623R-T3             End-of-life
                 Prestige 645                 End-of-life
                 Prestige 645R-A1             End-of-life
                 Prestige 650                 End-of-life
                 Prestige 650H/HW-31          End-of-life
                 Prestige 650H/HW-33          End-of-life
                 Prestige 650H-17             End-of-life
                 Prestige 650H-E1             End-of-life
                 Prestige 650H-E3             End-of-life
                 Prestige 650H-E7             End-of-life
                 Prestige 650HW-11            End-of-life
                 Prestige 650HW-13            End-of-life
                 Prestige 650HW-31            End-of-life
                 Prestige 650HW-33            End-of-life
                 Prestige 650HW-37            End-of-life
                 Prestige 650R-11             End-of-life
                 Prestige 650R-13             End-of-life
                 Prestige 650R-31             End-of-life
                 Prestige 650R-33             End-of-life
                 Prestige 650R-E1             End-of-life
                 Prestige 650R-E3             End-of-life
                 Prestige 650R-T3             End-of-life
                 Prestige 652H/HW-31          End-of-life
                 Prestige 652H/HW-33          End-of-life
                 Prestige 652H/HW-37          End-of-life
                 Prestige 652R-11             End-of-life
                 Prestige 652R-13             End-of-life
                 Prestige 660H-61             End-of-life
                 Prestige 660HW-61            End-of-life
                 Prestige 660HW-67            End-of-life
                 Prestige 660R-61             End-of-life
                 Prestige 660R-61C            End-of-life
                 Prestige 660R-63             End-of-life
                 Prestige 660R-63/67          End-of-life
                 Prestige 791R                End-of-life
                 Prestige 792H                End-of-life

Products misattributed to ZyXEL in the disclosure*

Model Name
AAM6000EV/Z2 AAM6010EV AAM6010EV/Z2 AAM6010EV-Z2
AAM6020BI AAM6020BI-Z2 AAM6020VI/Z2  

*The original vulnerability disclosure incorrectly attributed the above-listed models, which are from other manufacturers, to ZyXEL.