Zyxel statement for the TR-064 protocol implementation in CPEs

The issue

The TR-064 LAN-side CPE configuration service is bound to the TR-069 CPE WAN Management Protocol (CWMP) interface on TCP port 7547. Through malicious use of this exposure, unauthorized users could access or alter the device’s LAN configuration from the WAN side using the TR-064 protocol.

Zyxel is aware of the issue and assures customers that we are handling it with top priority. We have conducted a thorough investigation and found that the root cause lies with the Econet/Linux and LiNOS platforms. Zyxel has identified the susceptible models, listed in Table 1 below.

The solution

The solution will be implemented to discard TR-064 packets from the WAN side, keeping the devices protected.
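
The discard rule described above, modelled as an added example (not Zyxel's firmware code): a request arriving on TCP port 7547 is dropped only when it comes from the WAN side and carries a TR-064 SOAP action. Recognising TR-064 by the `urn:dslforum-org:` SOAPAction namespace is an assumption of this sketch, and the ingress labels, paths and sample requests are constructed for the illustration.

```python
# Added example: a model of the WAN-side TR-064 discard on TCP 7547.
# Ingress labels, paths and sample requests are constructed for illustration.

TR064_NAMESPACE = "urn:dslforum-org:"  # assumption: TR-064 SOAP action prefix


def parse_request(raw: str):
    """Return (method, headers) from a raw HTTP request; headers keyed lowercase."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), headers


def is_tr064(raw: str) -> bool:
    """True when the request is a SOAP POST whose action is in the TR-064 namespace."""
    try:
        method, headers = parse_request(raw)
    except ValueError:
        return False
    action = headers.get("soapaction", "").strip('"').lower()
    return method == "POST" and action.startswith(TR064_NAMESPACE)


def decide(ingress: str, raw: str) -> str:
    """Discard TR-064 that arrives on the WAN side; everything else is passed on."""
    return "drop" if ingress == "wan" and is_tr064(raw) else "pass"


# Constructed samples: a TR-064 SOAP call and a CWMP connection request.
TR064_REQ = ("POST /control/deviceinfo HTTP/1.1\r\nHost: 192.0.2.1:7547\r\n"
             'soapaction: "urn:dslforum-org:service:DeviceInfo:1#GetInfo"\r\n'
             "Content-Type: text/xml\r\n\r\n<s:Envelope/>")
CWMP_REQ = "GET /connreq HTTP/1.1\r\nHost: 192.0.2.1:7547\r\n\r\n"

if __name__ == "__main__":
    for side, req in (("wan", TR064_REQ), ("lan", TR064_REQ), ("wan", CWMP_REQ)):
        print(side, req.split("\r\n")[0], "->", decide(side, req))
```

The header name is matched case-insensitively and the quoted action value is unwrapped, so a lower-case `soapaction` header is still recognised while LAN-side TR-064 and WAN-side CWMP requests pass.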

For users whose devices were not supplied by a service provider, Zyxel recommends upgrading to the latest available firmware for maximum protection.

As a good security practice, Zyxel also strongly recommends all users take the following steps to maximize protection against cyber threats:

  • Change device administration password as well as the Wi-Fi SSID/password
  • Increase password strength. Long and complex passwords are harder to crack

Please contact your local service or sales representative if you require any further assistance.

Table 1

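| Model | Applicable Region | Applicable Countries | Firmware Patch and Download Links |
|---|---|---|---|
| AMG1001-T10A | Europe | Nordic countries | V1.00(AAJL.2)D0 |
| AMG1001-T10A | Europe | All other European countries | V1.00(AAJL.2)C0 |
| AMG1202-T10A | Europe | UK | V1.00(AAAM.3)D0 |
| AMG1202-T10A | Europe | Ireland | V1.00(AAAM.3)F0 |
| AMG1202-T10B | Europe | Sweden + Finland | V2.00(AAFN.17)E0 |
| AMG1202-T10B | Europe | All other European countries | V2.00(AAFN.17)C0 |
| AMG1202-T10B | Africa | South Africa | V2.00(AAFN.17)H0 |
| AMG1202-T10B | Asia | Thailand | V2.00(AAQP.4b1)_G0 |
| AMG1202-T10B | Asia | India | V2.00(AAQP.4b1)_K0 |
| AMG1202-T10B | Middle-East | UAE | V2.00(AAQP.4b1)_V0 |
| AMG1202-T10B | Central America | Central America countries | V2.00(AAFN.17)D0 |
| AMG1302-T10A | Europe | UK | V1.00(AABK.3)D0 |
| AMG1302-T10B | Europe | UK | V2.00(AAJC.16)I0 |
| AMG1302-T10B | Europe | All other European countries | V2.00(AAJC.16)C0 |
| AMG1302-T10B | Asia | Thailand | V2.00(AARX.1b5)_G0 |
| AMG1302-T10B | Central America | Central America countries | V2.00(AAJC.16)D0 |
| AMG1302-T10B | South America | Argentina | V2.00(AAJC.16)D0 |
| AMG1302-T11C | Europe | Sweden + Finland | V3.00(ABCG.8)E0 |
| AMG1302-T11C | Europe | UK | V3.00(ABCG.8)I0 |
| AMG1302-T11C | Europe | All other European countries | V3.00(ABCG.8)C0 |
| AMG1302-T11C | Africa | South Africa | V3.00(ABCG.8)H0 |
| AMG1302-T11C | Central America | Central America countries | V3.00(ABCG.8)D0 |
| AMG1312-T10B | Europe | Sweden + Finland | V2.00(AAFP.12)E0 |
| AMG1312-T10B | Europe | All other European countries | V2.00(AAFP.12)C0 |
| AMG1312-T10B | Africa | South Africa | V2.00(AAFP.12)H0 |
| AMG1312-T10B | Asia | Thailand | V2.00(AAQF.2b10)_G0 |
| AMG1312-T10B | Asia | India | V2.00(AAFP.12)C0 |
| AMG1312-T10B | Middle-East | UAE | V2.00(AAQF.2b10) |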

For Zyxel products offered through Internet service providers (ISPs), please contact your ISP if you require further details.