Security Advisories

Zyxel's latest security announcements and advices

CVE ID	Title	Last Updated
CVE-2025-1731 CVE-2025-1732	Zyxel security advisory for incorrect permission assignment and improper privilege management vulnerabilities in USG FLEX H series firewalls	April 22, 2025
CVE-2024-11253 CVE-2024-12009 CVE-2024-12010	Zyxel security advisory for post-authentication command injection vulnerabilities in certain DSL/Ethernet CPE, fiber ONT, and WiFi extender devices	March 11, 2025
CVE-2024-40890 CVE-2024-40891 CVE-2025-0890	Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE	February 4, 2025
CVE-2024-12398	Zyxel security advisory for improper privilege management vulnerability in APs and security router devices	January 14, 2025
CVE-2024-8748 CVE-2024-9197 CVE-2024-9200	Zyxel security advisory for buffer overflow and post-authentication command injection vulnerabilities in some 4G LTE/5G NR CPE, DSL/Ethernet CPE, fiber ONTs, and WiFi extenders	December 3, 2024
CVE-2024-11667	Zyxel security advisory: protecting against recent firewall threats	November 27, 2024
CVE-2024-8881 CVE-2024-8882	Zyxel security advisory for post-authentication command injection and buffer overflow vulnerabilities in GS1900 series switches	November 12, 2024
CVE-2024-9677	Zyxel security advisory for insufficiently protected credentials vulnerability in firewalls	October 22, 2024
CVE-2024-38266 CVE-2024-38267 CVE-2024-38268 CVE-2024-38269	Zyxel security advisory for post-authentication memory corruption vulnerabilities in some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions	September 24, 2024
CVE-2024-38270	Zyxel security advisory for insufficient entropy vulnerability for web authentication tokens generation in GS1900 series switches	September 10, 2024

CVE-2025-1731
CVE-2025-1732

Zyxel security advisory for incorrect permission assignment and improper privilege management vulnerabilities in USG FLEX H series firewalls

April 22, 2025

CVE-2024-11253
CVE-2024-12009
CVE-2024-12010

Zyxel security advisory for post-authentication command injection vulnerabilities in certain DSL/Ethernet CPE, fiber ONT, and WiFi extender devices

March 11, 2025

CVE-2024-40890
CVE-2024-40891
CVE-2025-0890

Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE

February 4, 2025

CVE-2024-12398

Zyxel security advisory for improper privilege management vulnerability in APs and security router devices

January 14, 2025

CVE-2024-8748
CVE-2024-9197
CVE-2024-9200

Zyxel security advisory for buffer overflow and post-authentication command injection vulnerabilities in some 4G LTE/5G NR CPE, DSL/Ethernet CPE, fiber ONTs, and WiFi extenders

December 3, 2024

CVE-2024-11667

Zyxel security advisory: protecting against recent firewall threats

November 27, 2024

CVE-2024-8881
CVE-2024-8882

Zyxel security advisory for post-authentication command injection and buffer overflow vulnerabilities in GS1900 series switches

November 12, 2024

CVE-2024-9677

Zyxel security advisory for insufficiently protected credentials vulnerability in firewalls

October 22, 2024

CVE-2024-38266
CVE-2024-38267
CVE-2024-38268
CVE-2024-38269

Zyxel security advisory for post-authentication memory corruption vulnerabilities in some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions

September 24, 2024

CVE-2024-38270

Zyxel security advisory for insufficient entropy vulnerability for web authentication tokens generation in GS1900 series switches

September 10, 2024

Security

Networking

Service and License

Home Connectivity

Success Stories

Organization Sizes

Use Cases

Technologies

What’s New?

Support

Learn

Buy Online

Locate Partners

Select Your Location

Africa

Asia

Central America

Europe

Middle East

North America

Oceania

South America

Security Advisories