Security advisories

We help you build trust with your customers by making network security our highest priority. It’s what drives us to deliver timely, actionable advice on emerging vulnerabilities. Zyxel is authorized as a CVE Numbering Authority (CNA). This recognizes our commitment to security disclosures and a continuous enhancement of vulnerability reporting.

If you have discovered a security vulnerability in Zyxel products, we appreciate advance notices. Our Product Security Incident Response Team (PSIRT) will immediately respond and coordinate a patch to protect your subscribers before any opportunists exploit the issue.

Note: Zyxel does not have a security bug bounty program for reported vulnerabilities.

Report a security vulnerability Download PGP Public Key

Advisories

Zyxel security advisory for cleartext storage of WiFi credentials and improper symbolic links of FTP for AX7501-B0 CPE

Zyxel security advisory for command injection and buffer overflow vulnerabilities of CPE, fiber ONTs, and WiFi extenders

Zyxel security advisory for DoS vulnerability of switches

Zyxel security advisory for cleartext storage of information vulnerability

Zyxel security advisory for buffer overflow vulnerability in Realtek eCos SDK

Zyxel security advisory for OS command injection and buffer overflow vulnerabilities of CPE and ONTs

Zyxel security advisory for multiple vulnerabilities

Zyxel security advisory for Apache Log4j RCE vulnerabilities

Zyxel security advisory for FragAttacks against WiFi products

Zyxel security advisory for CGI vulnerability of LTE

Zyxel security advisory for DNSpooq

Zyxel security advisory for remote code execution and denial-of-service vulnerabilities of CPE

Zyxel security advisory for a new variant of Gafgyt malware

Zyxel security advisory for P1302-T10D v3 modem insecure direct object reference vulnerability

Zyxel security advisory for the new Mirai malware variant targeting P660HN devices

Reinforcing router security: German BSI’s Secure Broadband Router guideline

Zyxel security advisory for BCMUPnP_Hunter botnet

Zyxel security advisory for IKEv1 protocol vulnerability

Zyxel security advisory for the Linux kernel TCP flaw

Security update for Zyxel CPE devices and Small Business Gateways

Security advisory for the VPNFilter malware

Zyxel security advisory for Denial of Service on P-660HW v3

Zyxel security advisory for Meltdown and Spectre attacks

Zyxel security advisory for the recent botnet attacks targeting PK5001Z

Zyxel security advisory for dnsmasq vulnerabilities

Zyxel statement to vulnerability CVE-2017-3216

Zyxel advisory: password change recommendations to maximize protection

Zyxel statement for the TR-064 protocol implementation in CPEs

Brute force attacks? Zyxel to tighten protection on routers and CPE

Zyxel advisory for vulnerability CVE-2015-7547

Zyxel to fix SSH private Key and certificate vulnerability

Zyxel to issue fix for CERT VU#870744 Vulnerabilities

Zyxel to issue fix for LTE3301-Q222 software bug

Zyxel not affected by “RSA-CRT Key Leaks”

Zyxel product support for Microsoft Windows 10

Guard against “Misfortune Cookie” vulnerability

Shellshock!? Is it an issue for Zyxel products?

WPS brute force attack

End User License Agreement (EULA)