TR-064 LAN-side CPE configuration bound to the TR-069 CPE WAN Management Protocol (CWMP) interface through TCP port 7547. With malicious practice in place, unauthorized users could access or alter the device’s LAN configuration from the WAN-side using TR-064 protocol.
Zyxel is aware of the issue and assures customers that we are handling the issue with top priority. We have conducted a thorough investigation and found that the root cause of this issue lies with the Econet/Linux and LiNOS platforms. Zyxel has identified the susceptible models, as listed here.
Will be implemented to discard TR-064 packets from the WAN side to keep the devices protected.
For users whose devices not supplied by a Service Provider, Zyxel recommends you upgrade to the latest available firmware available on Zyxel Support Center for maximum protection.
As a good security practice, Zyxel also strongly recommends all users take the following steps to maximize protection against cyber threats:
1. Change device administration password as well as the Wi-Fi SSID/password
2. Increase password strength. Long and complex passwords are harder to crack