Your browser either does not support JavaScript or you have turned JavaScript off.

Security update for Zyxel CPE devices and Small Business Gateways

Summary

Install the latest firmware for the listed Zyxel CPE devices and Small Business Gateways (SBGs) for optimal network protection.


About the update

During a recent product security check, we found that certain debugging webpages for several CPE devices and SBGs could be remotely accessed without authentication when the product’s remote HTTP/HTTPS access function was enabled.

We urge all customers to stay safe by installing the latest firmware for the applicable products listed below as soon as it’s available. Until then, a temporary solution is to disable remote HTTP/HTTPS access for vulnerable devices.


What should you do?

If you have any of the following products, go to the Zyxel Support Center , download the latest firmware, and apply it to the device.


Model New firmware version
SBG3300-N000 V1.01(AADY.9)C0
SBG3300-NB00 V1.01(AAIW.9)C0
SBG3500-N000 V1.01(AAON.9)C0
SBG3500-NB00 V1.01(AAQM.9)C0
SBG3600-N000 V1.00(AAKO.9)C0
SBG3600-NB00 V1.00(AAZE.9)C0
VMG1312-B10A V1.00(AAJZ.16)C0
VMG1312-B30A V1.00(AATO.10)C0
VMG8324-B10A V1.00(AAKL.24)C0
VMG8324-B30A V1.00(AAPQ.15)C0
VMG8924-B10A V1.00(AAKL.24)C0
VMG8924-B30A V1.00(AAPQ.15)C0
PMG5318-B20C V1.00(ABGS.5)C0
PMG5323-B20B V1.00(ABGT.5)C0
PMG5318-B20B V1.00(AAZC.2)b4 available in Aug/M 2018 or earlier

Products not listed above are not affected and don’t require a related security update.

Please note that the preceding table excludes products offered through internet service providers (ISPs). We have been working with our ISP customers to deploy security patches for the affected subscriber devices.

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it – contact security@zyxel.com.tw and we’ll get right back to you.


Revision history

Initial release 2018-07-03