Brute force attacks? Zyxel to tighten protection on routers and CPE


A common threat facing networks today is the brute force attack, a password-guessing method in which someone tries to gain unauthorized access to a network by systematically trying every possible combination of usernames/passwords until a match is found.


To better protect users from brute force attacks, Zyxel will tighten the protection on its routers and customer premise equipment (CPE) in their next major firmware release. The new protection measure will lock out user accounts for 5-10 minutes upon a defined number of failed password attempts, as specified in table 1.


Zyxel also suggests users take the following steps as good general security practice:

  1. Increase password strength. Long and complex passwords are harder to crack.
  2. Change passwords on a regular basis.
  3. Make sure all devices are running on the latest version of firmware


Table 1

Home Routers

Protection: Lock out account for 10 minutes after 5 failed log-ins

Model/Series Available by
NBG418N v2 Dec. 2016
NBG6515 Nov. 2016
NBG6616 Sep. 2016
NBG6617 Oct. 2016
NBG6716 Aug. 2016
NBG6815 Oct. 2016
NBG6817 Sep. 2016



Protection: Lock out account for 5 minutes after 3 failed log-ins

Model/Series Available by
LTE3300 Feb. 2017
LTE4506 Dec. 2016
WAH7706 Dec. 2016



Protection: Lock out account for 5 minutes after 3 failed log-ins

Model/Series Available by
AMG1001-T10A Mar. 2017
AMG1202-T10B Nov. 2016
AMG1302-T10B Nov. 2016
AMG1302-T10C Mar. 2017
AMG1302-T11C Sep. 2016
AMG1312-T10B Nov. 2016
P-660HN-51 Dec. 2016
P-660R-F1 Dec. 2016
PMG5318-B20x Dec. 2016
VMG1312-Bx0A Mar. 2017
VMG1312-B10D Dec. 2016
VMG3925-B10A Dec. 2016
VMG3925-B10B Dec. 2016
VMG3926-B10A Dec. 2016
VMG4325-B10A Dec. 2016
VMG4380-B10A Dec. 2016
VMG4381-B10A Dec. 2016
VMG8x24-Bx0A Mar. 2017
VMG9823-B10A Dec. 2016
VSG1432-B101 Dec. 2016


Please contact your local service or sales representatives if you require any further assistance. 
To report security vulnerabilities, please contact