Your browser either does not support JavaScript or you have turned JavaScript off.

Zyxel statement for the TR-064 protocol implementation in CPEs

The issue

TR-064 LAN-side CPE configuration bound to the TR-069 CPE WAN Management Protocol (CWMP) interface through TCP port 7547. With malicious practice in place, unauthorized users could access or alter the device’s LAN configuration from the WAN-side using TR-064 protocol.

Zyxel is aware of the issue and assures customers that we are handling the issue with top priority. We have conducted a thorough investigation and found that the root cause of this issue lies with the Econet/Linux and LiNOS platforms. Zyxel has identified the susceptible models, as listed here.


The solution

Will be implemented to discard TR-064 packets from the WAN side to keep the devices protected.

For users whose devices not supplied by a Service Provider, Zyxel recommends you upgrade to the latest available firmware available on Zyxel Support Center for maximum protection.


As a good security practice, Zyxel also strongly recommends all users take the following steps to maximize protection against cyber threats:

1. Change device administration password as well as the Wi-Fi SSID/password

2. Increase password strength. Long and complex passwords are harder to crack



A step-by-step guide and video are available here. If you have any issues with the procedures, please contact with Community Forum

Please contact your local service or sales representatives if you require any further assistance.