Zyxel advisory for the BlackNurse attack


A recently publicized “BlackNurse” attack, which sends a low volume of ICMP (Internet Control Message Protocol) Type 3 Code 3 requests to targets, could overload the target’s host CPU, slow down the target’s response, and result in denial of service (DoS). The attack targets firewalls and other network equipment of various brands. However, the attack has not been classified as a security vulnerability because no CVE identifiers or other vulnerability numbers have been assigned.


Is my Zyxel product at risk?

The disclosure suggested two Zyxel products are affected, as listed in Table 1. Zyxel is aware of the attack and will provide patches to strengthen security and guard customers against the threats.


Table 1.

Product Series/Model Status Patch plan
Security Appliance USG50 End-of-life in 2015 Patch available on Nov. 25 2016
Access Point NWA3560-N End-of-life in 2015 Patch available now

Please contact your local service or sales representatives if you require any further assistance. To report security vulnerabilities, contact: security@zyxel.com.tw