Security advisory for the VPNFilter malware



There’s currently no evidence that Zyxel devices are vulnerable to the VPNFilter malware. However, we urge all users to upgrade their devices to the latest available firmware for optimal protection.

What’s the vulnerability?

According to a disclosure by Cisco Talos, a piece of malware called VPNFilter is targeting networking devices by exploiting either their default credentials or known vulnerabilities. After a successful initial attack, an affected device downloads malicious codes onto its system remotely from the command and control (C&C) server.

What products are vulnerable?

There’s currently no evidence suggesting that Zyxel products are vulnerable to VPNFilter, and we haven’t received any report – from a customer, researcher, or other party – of the vulnerability affecting any Zyxel device.

What should you do?

  • Ensure your devices are running the latest available firmware.
  • Change the default password as soon as you log in to a new device for the first time.
  • Use strong, unique passwords for every device and change them regularly.
  • Don't enable remote access unless it's absolutely necessary.

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it – contact and we’ll get right back to you.


Cisco Talos

Revision history

Initial release 2018-05-25