Avisos de segurança

Política ERISP

A Equipe de Resposta a Incidentes de Segurança de Produtos (ERISP) da Zyxel responde a relatórios de vulnerabilidades, investiga as vulnerabilidades relatadas e implementa o melhor curso de ação para proteger nossos clientes. Ajudamos você a construir uma relação de confiança com seus clientes, tornando a segurança da rede nossa maior prioridade. É o que nos motiva a fornecer recomendações oportunas e acionáveis sobre vulnerabilidades emergentes. A Zyxel é autorizada como uma Autoridade de Numeração CVE (CNA, em inglês). Isso demonstra nosso compromisso com as divulgações de segurança e um aprimoramento contínuo dos relatórios de vulnerabilidades.

Política de Divulgação Coordenada de Vulnerabilidades Zyxel >

Como relatar uma vulnerabilidade

Se você descobriu uma vulnerabilidade de segurança em produtos Zyxel, agradecemos sua ajuda em relatá-la a nós de forma responsável. Nosso ERISP responderá com um patch para proteger seus assinantes antes que qualquer oportunista explore o problema.

Inclua as seguintes informações ao relatar uma vulnerabilidade de segurança.

1. Modelo(s) afetado(s) e versão(ões) de firmware/software
2. Descrição da vulnerabilidade e impactos potenciais
3. Instruções passo a passo para reproduzir o problema
4. Prova de conceito (PoC) ou código para exploração do problema
5. Quaisquer soluções sugeridas para corrigir isso (opcional)
6. Enumeração de fraquezas (por exemplo, CWE) (opcional)
7. Gravidade (por exemplo, CVSS v3.x) (opcional)

Observação: a Zyxel não tem um programa de recompensa por bugs de segurança para vulnerabilidades relatadas."

 

Advisories

Zyxel security advisory for post-authentication memory corruption vulnerabilities in some DSL/Ethernet CPE, fiber ONT, and Wi-Fi extender versions

---

Zyxel security advisory for buffer overflow vulnerabilities in some 5G NR CPE, DSL/Ethernet CPE, fiber ONT, and Wi-Fi extender devices

---

Zyxel security advisory for buffer overflow vulnerabilities in some 5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, and Wi-Fi extender devices

---

Zyxel security advisory for command injection vulnerability in P660HN-T1A DSL CPE

---

Zyxel security advisory for security misconfiguration vulnerability of 4G LTE indoor routers

---

Zyxel security advisory for cleartext storage of WiFi credentials and improper symbolic links of FTP for AX7501-B0 CPE

---

Zyxel security advisory for command injection and buffer overflow vulnerabilities of CPE, fiber ONTs, and WiFi extenders

---

Zyxel security advisory for DoS vulnerability of switches

---

Zyxel security advisory for cleartext storage of information vulnerability

---

Zyxel security advisory for buffer overflow vulnerability in Realtek eCos SDK

---

Zyxel security advisory for OS command injection and buffer overflow vulnerabilities of CPE and ONTs

---

Zyxel security advisory for multiple vulnerabilities

---

Zyxel security advisory for Apache Log4j RCE vulnerabilities

---

Zyxel security advisory for FragAttacks against WiFi products

---

Zyxel security advisory for CGI vulnerability of LTE

---

Zyxel security advisory for DNSpooq

---

Zyxel security advisory for remote code execution and denial-of-service vulnerabilities of CPE

---

Zyxel security advisory for a new variant of Gafgyt malware

---

Zyxel security advisory for P1302-T10D v3 modem insecure direct object reference vulnerability

---

Zyxel security advisory for the new Mirai malware variant targeting P660HN devices

---

Reinforcing router security: German BSI’s Secure Broadband Router guideline

---

Zyxel security advisory for BCMUPnP_Hunter botnet

---

Zyxel security advisory for IKEv1 protocol vulnerability

---

Zyxel security advisory for the Linux kernel TCP flaw

---

Security update for Zyxel CPE devices and Small Business Gateways

---

Security advisory for the VPNFilter malware

---

Zyxel security advisory for Denial of Service on P-660HW v3

---

Zyxel security advisory for Meltdown and Spectre attacks

---

Zyxel security advisory for the recent botnet attacks targeting PK5001Z

---

Zyxel security advisory for dnsmasq vulnerabilities

---

Zyxel statement to vulnerability CVE-2017-3216

---

Zyxel advisory: password change recommendations to maximize protection

---

Zyxel statement for the TR-064 protocol implementation in CPEs

---

Brute force attacks? Zyxel to tighten protection on routers and CPE

---

Zyxel advisory for vulnerability CVE-2015-7547

---

Zyxel to fix SSH private Key and certificate vulnerability

---

Zyxel to issue fix for CERT VU#870744 Vulnerabilities

---

Zyxel to issue fix for LTE3301-Q222 software bug

---

Zyxel not affected by “RSA-CRT Key Leaks”

---

Zyxel product support for Microsoft Windows 10

---

Guard against “Misfortune Cookie” vulnerability

---

Shellshock!? Is it an issue for Zyxel products?

---

WPS brute force attack

---

End User License Agreement (EULA)