Security update for Zyxel CPE devices and Small Business Gateways

Summary

Install the latest firmware for the listed Zyxel CPE devices and Small Business Gateways (SBGs) for optimal network protection.

 

About the update

During a recent product security check, we found that certain debugging webpages for several CPE devices and SBGs could be remotely accessed without authentication when the product’s remote HTTP/HTTPS access function was enabled.

We urge all customers to stay safe by installing the latest firmware for the applicable products listed below as soon as it’s available. Until then, a temporary solution is to disable remote HTTP/HTTPS access for vulnerable devices.

 

What should you do?

If you have any of the following products, we strongly advise you to install the latest firmware, as it includes important security fixes and upgrades.

 

Model        | New firmware version
-------------|---------------------
SBG3300-N000 | V1.01(AADY.9)C0
SBG3300-NB00 | V1.01(AAIW.9)C0
SBG3500-N000 | V1.01(AAON.9)C0
SBG3500-NB00 | V1.01(AAQM.9)C0
SBG3600-N000 | V1.00(AAKO.9)C0
SBG3600-NB00 | V1.00(AAZE.9)C0
VMG1312-B10A | V1.00(AAJZ.16)C0
VMG1312-B30A | V1.00(AATO.10)C0
VMG8324-B10A | V1.00(AAKL.24)C0
VMG8324-B30A | V1.00(AAPQ.15)C0
VMG8924-B10A | V1.00(AAKL.24)C0
VMG8924-B30A | V1.00(AAPQ.15)C0
PMG5318-B20C | V1.00(ABGS.6)C0
PMG5323-B20B | V1.00(ABGT.6)C0
PMG5318-B20B | V1.00(AAZC.2)C0

 

Products not listed above are not affected and don’t require a related security update.

Please note that the preceding table excludes products offered through internet service providers (ISPs). We have been working with our ISP customers to deploy security patches for the affected subscriber devices.
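
For fleets with more than a few devices, the table above can be checked against an inventory export. The following is an added example, not Zyxel code. It assumes the firmware string has the layout V<major>.<minor>(<project code>.<release>)C<n>, and that a higher release number under the same project code is a newer build. The status names and the inventory rows are constructed for illustration.

```python
import re

# Fixed releases per model, copied from the advisory table.
FIXED = {
    "SBG3300-N000": "V1.01(AADY.9)C0", "SBG3300-NB00": "V1.01(AAIW.9)C0",
    "SBG3500-N000": "V1.01(AAON.9)C0", "SBG3500-NB00": "V1.01(AAQM.9)C0",
    "SBG3600-N000": "V1.00(AAKO.9)C0", "SBG3600-NB00": "V1.00(AAZE.9)C0",
    "VMG1312-B10A": "V1.00(AAJZ.16)C0", "VMG1312-B30A": "V1.00(AATO.10)C0",
    "VMG8324-B10A": "V1.00(AAKL.24)C0", "VMG8324-B30A": "V1.00(AAPQ.15)C0",
    "VMG8924-B10A": "V1.00(AAKL.24)C0", "VMG8924-B30A": "V1.00(AAPQ.15)C0",
    "PMG5318-B20C": "V1.00(ABGS.6)C0", "PMG5323-B20B": "V1.00(ABGT.6)C0",
    "PMG5318-B20B": "V1.00(AAZC.2)C0",
}

# Assumed layout: V<major>.<minor>(<4-letter project code>.<release>)C<n>
_FW = re.compile(r"V(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C\d+")

def parse_fw(text):
    """Return (project_code, (major, minor, release)) or raise ValueError."""
    m = _FW.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, release = m.groups()
    return code, (int(major), int(minor), int(release))

def assess(model, installed):
    """Classify one device against the advisory's fixed release."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # ISP-supplied units are outside the table
    try:
        code, version = parse_fw(installed)
    except ValueError:
        return "unparseable"
    fixed_code, fixed_version = parse_fw(fixed)
    if code != fixed_code:
        return "wrong-build"  # project code differs from the table entry
    return "patched" if version >= fixed_version else "update-needed"

# Constructed inventory rows (model, firmware string read from the device).
INVENTORY = [
    ("VMG1312-B10A", "V1.00(AAJZ.14)C0"),
    ("SBG3500-N000", "V1.01(AAON.9)C0"),
    ("VMG8924-B10A", "V1.00(AAPQ.15)C0"),
    ("PMG5318-B20B", "1.00-AAZC-2"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:14} {fw:20} {assess(model, fw)}")
```

Devices reported as update-needed should have remote HTTP/HTTPS access disabled until the fixed firmware is installed. A not-listed result says nothing about ISP-supplied units, which the table excludes.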

 

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it – contact security@zyxel.com.tw and we’ll get right back to you.

 

Revision history

2018-07-03: Initial release
2018-07-30: Edited the firmware version of PMG5318-B20B and added the download link