Report a Security Vulnerability
Zyxel cares about your network security. It’s our highest priority, and we want to work with you.
If you have discovered a security vulnerability in Zyxel products, we appreciate your help in reporting it to us in a responsible manner. The advance notice allows our PSIRT team to coordinate a patch or workaround which allows our customers to protect themselves before attackers have the opportunity to exploit the issue.
Please include following information when you report a security vulnerability.
1. Affected model(s) and firmware/software version(s)
2. Vulnerability description and potential impacts
3. Step-by-step instructions to reproduce the issue
4. Proof-of-concept (PoC) or exploit code for the issue
5. Any suggested solutions to fix this (Optional)
6. Weakness enumeration (e.g. CWE) (Optional)
7. Severity (e.g. CVSS v3.x) (Optional)
Note: Zyxel does not have a security bug bounty program for reported vulnerabilities.