Tip: You can also search by model number to quickly find the most up-to-date product information and downloads
Finding model number
The Zyxel Product Security Incident Response Team (PSIRT) responds to vulnerability reports, investigates the reported vulnerabilities, and implements the best course of action to protect our customers. We help you build trust with your customers by making network security our highest priority. It’s what drives us to deliver timely, actionable advice on emerging vulnerabilities. Zyxel is authorized as a CVE Numbering Authority (CNA). This recognizes our commitment to security disclosures and a continuous enhancement of vulnerability reporting.
If you have discovered a security vulnerability in Zyxel products, we appreciate your help in reporting it to us in a responsible manner. Our PSIRT will respond and coordinate a patch to protect your subscribers before any opportunists exploit the issue.
Please include the following information when you report a security vulnerability.
Affected model(s) and firmware/software version(s)
Vulnerability description and potential impacts
Step-by-step instructions to reproduce the issue
Proof-of-concept (PoC) or exploit code for the issue
Any suggested solutions to fix this (Optional)
Weakness enumeration (e.g. CWE) (Optional)
Severity (e.g. CVSS v3.x) (Optional)
Note: Zyxel does not have a security bug bounty program for reported vulnerabilities.