A recent report from SecuriTeam found that two Zyxel customized routers supplied to a service provider are vulnerable to command injections via the web interface. This could potentially allow unauthorized users to execute additional commands.
Zyxel was recently made aware of the issue and we would like to assure our customers that we have made its resolution a top priority. Following a thorough investigation, we are now in the process of providing a patch for the susceptible models listed in Table 1.
Meanwhile, Zyxel is supplying the service provider with a fix that they will be able to deploy the solution to its customers.
|Model (customized version only)||Patch plan|
|P-660HN-T1A||Available January 13, 2017|
|P-660HN-T1A v2||Available January 6, 2017|
Please contact your local service or sales representatives if you require any further assistance. To report security vulnerabilities, contact: firstname.lastname@example.org