Zyxel security advisory for Denial of Service on P-660HW v3

Zyxel is aware of a recently disclosed denial-of-service vulnerability in the legacy ADSL CPE model P-660HW v3, listed in the US NIST National Vulnerability Database as CVE-2017-17901. Zyxel launched an investigation immediately upon becoming aware of it.

What is the vulnerability?

Zyxel P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.

How is Zyxel resolving it?

The P-660HW v3 is a legacy product that has been end-of-support since July 2016. In accordance with industry product life cycle management practices, Zyxel advises customers to replace legacy products with newer-generation models for optimal protection.

Possible mitigation methods

Due to the system constraints of the P-660HW v3, no mitigation is currently available.

The Zyxel security team will update this advisory as more information becomes available.

Contact

Please contact your local service representatives if you require further information or assistance. To report a vulnerability, please contact security@zyxel.com.tw

Acknowledgement

Hosein Askari hosein.askari@aol.com

Revision history

Initial release 2018-01-12