Zyxel statement to the recent WordPress attacks


A recent security analysis from Wordfence suggested that a number of home routers running a vulnerable version of embedded RomPager web server on an open port 7547 have been hacked and abused to launch attacks against WordPress sites.


Is my Zyxel product vulnerable?

According to the disclosure, the vulnerable Zyxel device, ZyWALL 2 router is a legacy product which has entered the end-of-support status since 2009.


Is my USG/ZyWALL security appliance at risk?

The Zyxel USG/ZyWALL Series currently on-market is built on a different operating system from the old ZyWALL 2 router.

The USG/ZyWALL Series does not contain a RomPager web server and the port 7547 is disabled by default, so it is IMMUNE to the exploit.


For optimal security, Zyxel recommends all users upgrade their devices to the latest available firmware versions that include security updates to protect users from known vulnerabilities.

Please contact your local service representatives if you require further information or assistance. To report a vulnerability, please contact security@zyxel.com.tw