Zyxel takes security issues very seriously, and keeping our customers safe is Zyxel’s primary concern. The Zyxel Product Security Incident Response Team (PSIRT) responds to vulnerability reports, investigates the reported vulnerabilities, and implements the best course of action to protect our customers. Zyxel is also authorized as a CVE Numbering Authority (CNA). This recognizes Zyxel’s commitment to security disclosures and will enhance our vulnerability reporting.
If you have discovered a security vulnerability in Zyxel products, we appreciate your help in reporting it to us in a responsible manner. Advance notice allows our PSIRT to coordinate a patch or workaround so that our customers can protect themselves before attackers have the opportunity to exploit the issue.
Note: Zyxel does not have a security bug bounty program for reported vulnerabilities.
Zyxel security advisory for password guessing vulnerability of GS1200 series switches
Zyxel security advisory for CRLF injection vulnerability in some legacy firewalls
Zyxel security advisory for multiple vulnerabilities of firewalls, AP controllers, and APs
Zyxel security advisory for OS command injection vulnerability of firewalls
Zyxel security advisory for OS command injection and buffer overflow vulnerabilities of CPE and ONTs
Zyxel security advisory for local privilege escalation vulnerability of AP Configurator
Zyxel security advisory for authentication bypass vulnerability of firewalls
Zyxel security advisory for OS command injection vulnerability of NWA1100-NH access point
Zyxel security advisory for multiple vulnerabilities
Zyxel security advisory for Apache Log4j RCE vulnerabilities
Zyxel Security Advisory for WiFi Simple Config Buffer Overflow Vulnerabilities
Zyxel security advisory for XSS vulnerability of GS1900 series switches
Zyxel security advisory for attacks against security appliances
Zyxel security advisory for FragAttacks against WiFi products
Zyxel security advisory for CGI vulnerability of LTE
Zyxel security advisory for DNSpooq
Zyxel security advisory for insecure folder permissions of ZON Utility
Zyxel security advisory for hardcoded credential vulnerability
Zyxel security advisory for remote code execution and denial-of-service vulnerabilities of CPE
Zyxel security advisory for buffer overflow vulnerability
Zyxel security advisory for command injection vulnerability of firewalls
Zyxel security advisory for NAS remote access vulnerability
Zyxel security advisory for the Fraunhofer Home Router Security Report 2020
Zyxel security advisory for vulnerabilities of CloudCNM SecuManager
Zyxel security advisory for GS1900 switch vulnerabilities
Zyxel security advisory for a new variant of Gafgyt malware
Zyxel security advisory for P1302-T10D v3 modem insecure direct object reference vulnerability
Zyxel security advisory for SOHOpelessly Broken 2.0
Zyxel security advisory for hardcoded FTP credential vulnerability of access points
Zyxel security advisory for Web CGI vulnerability of gateways and access point controllers
Zyxel security advisory for buffer overflow vulnerabilities of GS1900 switches
Zyxel security advisory for vulnerabilities related to the Free Time feature
Zyxel security advisory for reflected cross-site scripting vulnerability of firewalls
Zyxel security advisory for the new Mirai malware variant targeting P660HN devices
Reinforcing router security: German BSI's Secure Broadband Router guideline
Zyxel security advisory for BCMUPnP_Hunter botnet
Zyxel security advisory for IKEv1 protocol vulnerability
Zyxel security advisory for the Bleichenbacher’s attack vulnerability of ZyWALL/USG devices
Zyxel security advisory for the Linux kernel TCP flaw
Security update for Zyxel CPE devices and Small Business Gateways
Security advisory for the VPNFilter malware
Zyxel security advisory for CVE-2018-9149
Zyxel security advisory for Denial of Service on P-660HW v3
Zyxel security advisory for Meltdown and Spectre attacks
Zyxel security advisory for the recent botnet attacks targeting PK5001Z
Zyxel security advisory for the key management vulnerabilities of WPA2 protocol
Zyxel security advisory for dnsmasq vulnerabilities
Guard against Petya ransomware
Google Drive Backup ZyWALL USG Series Firmware Upgrade Service Q&A
Zyxel statement to vulnerability CVE-2017-3216
Guard against WannaCry ransomware
Zyxel statement to the recent WordPress attacks
Zyxel advisory: password change recommendations to maximize protection
Zyxel statement for the TR-064 protocol implementation in CPEs
Zyxel advisory for the BlackNurse attack
Zyxel Brute force attacks? Zyxel to tighten protection on routers and CPE
Zyxel Advisory for Vulnerability CVE-2015-7547
Zyxel to Fix SSH Private Key and Certificate Vulnerability
Zyxel to Issue Fix for CERT VU#870744 Vulnerabilities
Zyxel to Issue Fix for LTE3301-Q222 Software Bug
Zyxel Not Affected by “RSA-CRT Key Leaks”
Zyxel Product Support for Microsoft Windows 10
Google Drive Function Now Restored and Available on Zyxel Network Storage Products
Avoid CSRF Pharming Vulnerability and MOOSE Malware
Zyxel to Release Patch for KCodes NetUSB Vulnerability
Google Drive Backup Function Temporarily Unavailable on Zyxel Network Storage Products
Zyxel USG/ZyWALL Series Not Affected by “FREAK”
Guard Against “GHOST” Vulnerability
Guard Against “Misfortune Cookie” Vulnerability
Protect Your Network from the SSL v3.0 “POODLE” Vulnerability
Shellshock!? Is it an Issue for Zyxel Products?
About WPS Attack by Brute Force