Zyxel security advisory for a new variant of Gafgyt malware

CVE: CVE-2017-18368

 

Summary

Zyxel P660HN-T1A devices running their latest firmware, version 3.40(BYF.11), are immune to the latest variant of Gafgyt malware.

 

What is the vulnerability?

A newly discovered variant of Gafgyt may attempt to infect IoT devices of multiple brands, including Zyxel’s P660HN-T1A router. It seeks to exploit the older CVE-2017-18368 vulnerability to gain access to devices and recruit them into botnets in order to attack gaming servers.

 

What should you do?

A thorough investigation has confirmed that P660HN-T1A devices running their latest firmware, version 3.40(BYF.11), are immune to the new Gafgyt variant. We urge all users who have not done so already to install the firmware to ensure optimal protection*. If you obtained your Zyxel product through an Internet service provider, please contact that provider for support.

 

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it; contact security@zyxel.com.tw and we’ll get right back to you.

 

Acknowledgment

Thanks to Asher Davila, a researcher at Palo Alto Networks.
https://unit42.paloaltonetworks.com/home-small-office-wireless-routers-exploited-to-attack-gaming-servers/

 

Revision history

Initial release 2019-11-07

 

*As the P660HN-T1A router has been end-of-life since 2016, please contact your local Zyxel support team to get the latest firmware file.