Security Advisories

We care about your network security. It’s our highest priority, and it’s what drives us to deliver the timely, useful advice on emerging vulnerabilities that you’ll find below. But there are also a few practices that it’s good common sense to follow at all times:

Change the default password as soon as you log in to a new device for the first time
Use strong, unique passwords for every device and change them regularly
Ensure your devices are running the latest available firmware
Don't enable remote access unless it's absolutely necessary

Got a tipoff?

If you’ve found a vulnerability, we want to work with you to fix it.
Contact security@zyxel.com.tw and we’ll get back to you.

If you’d like to receive the notification about our Security Advisory alert, please click the below button to fill in the info.

Advisories

Zyxel security advisory for DNSpooq

Zyxel security advisory for insecure folder permissions of ZON Utility

Zyxel security advisory for hardcoded credential vulnerability

Zyxel security advisory for buffer overflow vulnerability

Zyxel security advisory for command injection vulnerability of firewalls

Zyxel security advisory for the Fraunhofer Home Router Security Report 2020

Zyxel security advisory for the kr00k vulnerability

Zyxel security advisory for vulnerabilities of CloudCNM SecuManager

Zyxel security advisory for the remote code execution vulnerability of NAS and firewall products

Zyxel security advisory for GS1900 switch vulnerabilities

Zyxel security advisory for a new variant of Gafgyt malware

Zyxel security advisory for P1302-T10D v3 modem insecure direct object reference vulnerability

Zyxel security advisory for SOHOpelessly Broken 2.0

Zyxel security advisory for hardcoded FTP credential vulnerability of access points

Zyxel security advisory for Web CGI vulnerability of gateways and access point controllers

Zyxel security advisory for buffer overflow vulnerabilities of GS1900 switches

Zyxel security advisory for vulnerabilities related to the Free Time feature

Zyxel security advisory for reflected cross-site scripting vulnerability of firewalls

Zyxel security advisory for the new Mirai malware variant targeting P660HN devices

Reinforcing router security: German BSI's Secure Broadband Router guideline

Zyxel security advisory for BCMUPnP_Hunter botnet

Zyxel security advisory for IKEv1 protocol vulnerability

Zyxel security advisory for the Bleichenbacher’s attack vulnerability of ZyWALL/USG devices

Zyxel security advisory for the Linux kernel TCP flaw

Security advisory for the VPNFilter malware

Zyxel security advisory for the key management vulnerabilities of WPA2 protocol (Service Provider Only)

Zyxel security advisory for dnsmasq vulnerabilities

Guard against Petya ransomware

Google Drive Backup ZyWALL USG Series Firmware Upgrade Service Q&A

Zyxel statement to vulnerability CVE-2017-3216

Guard against WannaCry ransomware

Zyxel statement to the recent WordPress attacks

Zyxel advisory for the BlackNurse attack

Zyxel Brute force attacks? Zyxel to tighten protection on routers and CPE

Zyxel Advisory for Vulnerability CVE-2015-7547

Zyxel to Issue Fix for CERT VU#870744 Vulnerabilities

Zyxel to Issue Fix for LTE3301-Q222 Software Bug

Zyxel Not Affected by “RSA-CRT Key Leaks”

Zyxel Product Support for Microsoft Windows 10

Google Drive Function Now Restored and Available on Zyxel Network Storage Products

Avoid CSRF Pharming Vulnerability and MOOSE Malware

Zyxel to Release Patch for KCodes NetUSB Vulnerability

Google Drive Backup Function Temporarily Unavailable on Zyxel Network Storage Products

Zyxel USG/ZyWALL Series Not Affected by “FREAK”

Guard Against “GHOST” Vulnerability

Guard Against “Misfortune Cookie” Vulnerability

Protect Your Network from the SSL v3.0 “POODLE” Vulnerability

Shellshock!? Is it an Issue for Zyxel Products?

About WPS Attack by Brute Force

End User License Agreement

Zyxel Windows 8 Support

BusyBox™ GPL Software Notice