Install the latest firmware for the listed Zyxel CPE devices and Small Business Gateways (SBGs) for optimal network protection.
About the update
During a recent product security check, we found that certain debugging webpages for several CPE devices and SBGs could be remotely accessed without authentication when the product’s remote HTTP/HTTPS access function was enabled.
We urge all customers to stay safe by installing the latest firmware for the applicable products listed below as soon as it’s available. Until then, a temporary solution is to disable remote HTTP/HTTPS access for vulnerable devices.
What should you do?
If you have any of the following products, go to the Zyxel Support Center , download the latest firmware, and apply it to the device.
|Model||New firmware version|
|PMG5318-B20B||V1.00(AAZC.2)b4 available in Aug/M 2018 or earlier|
Products not listed above are not affected and don’t require a related security update.
Please note that the preceding table excludes products offered through internet service providers (ISPs). We have been working with our ISP customers to deploy security patches for the affected subscriber devices.
Got a question or a tipoff?
Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it – contact email@example.com and we’ll get right back to you.
Initial release 2018-07-03