Zyxel statement for the TR-064 protocol implementation in CPEs
The issue
TR-064 LAN-side CPE configuration is bound to the TR-069 CPE WAN Management Protocol (CWMP) interface through TCP port 7547. Through malicious use, unauthorized users could access or alter the device's LAN configuration from the WAN side using the TR-064 protocol.
Zyxel is aware of the issue and assures customers that we are handling the issue with top priority. We have conducted a thorough investigation and found that the root cause of this issue lies with the Econet/Linux and LiNOS platforms. Zyxel has identified the susceptible models, as listed in Table 1 below.
The solution
A fix will be implemented to discard TR-064 packets from the WAN side to keep the devices protected.
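The rule described above (discard TR-064 arriving from the WAN side, keep it on the LAN side), sketched as a log review. This is an added example, not Zyxel code. The five-field log format and the sample lines are constructed, and recognising TR-064 by a `urn:dslforum-org:service:` SOAPAction value is an assumption not stated in the advisory.

```python
import re
from dataclasses import dataclass

# Assumption: a TR-064 request is a SOAP call whose SOAPAction names a
# "urn:dslforum-org:service:<Service>:<version>#<Action>" service type.
TR064_ACTION = re.compile(r"urn:dslforum-org:service:([\w-]+):\d+#(\w+)", re.I)

# Constructed sample in a hypothetical format:
#   <iface> <source-ip> <dest-port> <http-method> <soapaction or ->
SAMPLE_LOG = """\
wan 198.51.100.7 7547 GET -
wan 203.0.113.20 7547 POST "urn:dslforum-org:service:DeviceInfo:1#GetInfo"
lan 192.168.1.10 7547 POST urn:dslforum-org:service:DeviceInfo:1#GetInfo
wan 203.0.113.21 7547 POST -
this line is malformed
"""

@dataclass
class Verdict:
    src: str
    port: int
    action: str   # "drop" or "allow"
    detail: str

def classify(line):
    """Return a Verdict for one log line, or None if it cannot be parsed."""
    parts = line.split()
    if len(parts) != 5 or not parts[2].isdigit():
        return None
    iface, src, port, _method, soap = parts
    match = TR064_ACTION.search(soap.strip('"'))
    if match and iface == "wan":
        what = f"TR-064 {match.group(1)}.{match.group(2)} from WAN"
        return Verdict(src, int(port), "drop", what)
    detail = "TR-064 from LAN" if match else "not TR-064"
    return Verdict(src, int(port), "allow", detail)

def review(log):
    """Classify every non-empty line; count lines that failed to parse."""
    verdicts, skipped = [], 0
    for line in filter(str.strip, log.splitlines()):
        verdict = classify(line)
        if verdict is None:
            skipped += 1
        else:
            verdicts.append(verdict)
    return verdicts, skipped

if __name__ == "__main__":
    for v in review(SAMPLE_LOG)[0]:
        print(f"{v.action:5} {v.src}:{v.port} {v.detail}")
```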
For users whose devices are not supplied by a Service Provider, Zyxel recommends you upgrade to the latest available firmware for maximum protection.
As a good security practice, Zyxel also strongly recommends all users take the following steps to maximize protection against cyber threats:
- Change device administration password as well as the Wi-Fi SSID/password
- Increase password strength. Long and complex passwords are harder to crack
Please contact your local service or sales representatives if you require any further assistance.
Table 1
Model | Applicable Region | Applicable Countries | Firmware Patch and Download Links |
---|---|---|---|
AMG1001-T10A | Europe | Nordic countries | V1.00(AAJL.2)D0 |
AMG1001-T10A | Europe | All other European countries | V1.00(AAJL.2)C0 |
AMG1202-T10A | Europe | UK | V1.00(AAAM.3)D0 |
AMG1202-T10A | Europe | Ireland | V1.00(AAAM.3)F0 |
AMG1202-T10B | Europe | Sweden + Finland | V2.00(AAFN.17)E0 |
AMG1202-T10B | Europe | All other European countries | V2.00(AAFN.17)C0 |
AMG1202-T10B | Africa | South Africa | V2.00(AAFN.17)H0 |
AMG1202-T10B | Asia | Thailand | V2.00(AAQP.4b1)_G0 |
AMG1202-T10B | Asia | India | V2.00(AAQP.4b1)_K0 |
AMG1202-T10B | Middle-East | UAE | V2.00(AAQP.4b1)_V0 |
AMG1202-T10B | Central America | Central America countries | V2.00(AAFN.17)D0 |
AMG1302-T10A | Europe | UK | V1.00(AABK.3)D0 |
AMG1302-T10B | Europe | UK | V2.00(AAJC.16)I0 |
AMG1302-T10B | Europe | All other European countries | V2.00(AAJC.16)C0 |
AMG1302-T10B | Asia | Thailand | V2.00(AARX.1b5)_G0 |
AMG1302-T10B | Central America | Central America countries | V2.00(AAJC.16)D0 |
AMG1302-T10B | South America | Argentina | V2.00(AAJC.16)D0 |
AMG1302-T11C | Europe | Sweden + Finland | V3.00(ABCG.8)E0 |
AMG1302-T11C | Europe | UK | V3.00(ABCG.8)I0 |
AMG1302-T11C | Europe | All other European countries | V3.00(ABCG.8)C0 |
AMG1302-T11C | Africa | South Africa | V3.00(ABCG.8)H0 |
AMG1302-T11C | Central America | Central America countries | V3.00(ABCG.8)D0 |
AMG1312-T10B | Europe | Sweden + Finland | V2.00(AAFP.12)E0 |
AMG1312-T10B | Europe | All other European countries | V2.00(AAFP.12)C0 |
AMG1312-T10B | Africa | South Africa | V2.00(AAFP.12)H0 |
AMG1312-T10B | Asia | Thailand | V2.00(AAQF.2b10)_G0 |
AMG1312-T10B | Asia | India | V2.00(AAFP.12)C0 |
AMG1312-T10B | Middle-East | UAE | V2.00(AAQF.2b10) |
For Zyxel products offered through Internet service providers (ISPs), please contact your ISP if you require further details.