Security update for Zyxel CPE devices and Small Business Gateways
Summary
Install the latest firmware for the listed Zyxel CPE devices and Small Business Gateways (SBGs) for optimal network protection.
About the update
During a recent product security check, we found that certain debugging webpages for several CPE devices and SBGs could be remotely accessed without authentication when the product’s remote HTTP/HTTPS access function was enabled.
We urge all customers to stay safe by installing the latest firmware for the applicable products listed below as soon as it’s available. Until then, a temporary solution is to disable remote HTTP/HTTPS access for vulnerable devices.
What should you do?
If you have any of the following products, we strongly advise you to install the latest firmware as they include important security fixes and upgrades.
Model | New firmware version |
---|---|
SBG3300-N000 | V1.01(AADY.9)C0 |
SBG3300-NB00 | V1.01(AAIW.9)C0 |
SBG3500-N000 | V1.01(AAON.9)C0 |
SBG3500-NB00 | V1.01(AAQM.9)C0 |
SBG3600-N000 | V1.00(AAKO.9)C0 |
SBG3600-NB00 | V1.00(AAZE.9)C0 |
VMG1312-B10A | V1.00(AAJZ.16)C0 |
VMG1312-B30A | V1.00(AATO.10)C0 |
VMG8324-B10A | V1.00(AAKL.24)C0 |
VMG8324-B30A | V1.00(AAPQ.15)C0 |
VMG8924-B10A | V1.00(AAKL.24)C0 |
VMG8924-B30A | V1.00(AAPQ.15)C0 |
PMG5318-B20C | V1.00(ABGS.6)C0 |
PMG5323-B20B | V1.00(ABGT.6)C0 |
PMG5318-B20B | V1.00(AAZC.2)C0 |
Products not listed above are not affected and don’t require a related security update.
Please note that the preceding table excludes products offered through internet service providers (ISPs). We have been working with our ISP customers to deploy security patches for the affected subscriber devices.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Revision history
2018-07-03: Initial release
2018-07-30: Edited the firmware version of PMG5318-B20B and added the download link