Security Advisories

We care about your network security. It’s our highest priority, and it’s what drives us to deliver the timely, useful advice on emerging vulnerabilities that you’ll find below. But there are also a few practices that it’s good common sense to follow at all times:

  • Change the default password as soon as you log in to a new device for the first time
  • Use strong, unique passwords for every device and change them regularly
  • Ensure your devices are running the latest available firmware
  • Don't enable remote access unless it's absolutely necessary

If you’d like to receive notifications of our security advisories, please click the button below and fill in your information.

Zyxel Product Security Incident Disclosure Policy

Zyxel takes security issues very seriously, and keeping our customers safe is Zyxel’s primary concern. The Zyxel Product Security Incident Response Team (PSIRT) responds to vulnerability reports, investigates the reported vulnerabilities, and implements the best course of action to protect our customers. Zyxel is also authorized as a CVE Numbering Authority (CNA). This recognizes Zyxel’s commitment to security disclosures and will enhance our vulnerability reporting.

If you have discovered a security vulnerability in Zyxel products, we appreciate your help in reporting it to us in a responsible manner. The advance notice allows our PSIRT team to coordinate a patch or workaround which allows our customers to protect themselves before attackers have the opportunity to exploit the issue.

Note: Zyxel does not have a security bug bounty program for reported vulnerabilities.

Advisories

Zyxel security advisory for directory traversal and command injection vulnerabilities of VPN2S Firewall


Zyxel security advisory for XSS vulnerability of GS1900 series switches


Zyxel security advisory for attacks against security appliances


Zyxel security advisory for FragAttacks against WiFi products | Affected model list


Zyxel security advisory for DNSpooq


Zyxel security advisory for insecure folder permissions of ZON Utility


Zyxel security advisory for hardcoded credential vulnerability


Zyxel security advisory for buffer overflow vulnerability


Zyxel security advisory for command injection vulnerability of firewalls


Zyxel security advisory for the Fraunhofer Home Router Security Report 2020


Zyxel security advisory for the kr00k vulnerability


Zyxel security advisory for vulnerabilities of CloudCNM SecuManager


Zyxel security advisory for the remote code execution vulnerability of NAS and firewall products


Zyxel security advisory for GS1900 switch vulnerabilities


Zyxel security advisory for a new variant of Gafgyt malware


Zyxel security advisory for P1302-T10D v3 modem insecure direct object reference vulnerability


Zyxel security advisory for SOHOpelessly Broken 2.0


Zyxel security advisory for hardcoded FTP credential vulnerability of access points


Zyxel security advisory for Web CGI vulnerability of gateways and access point controllers


Zyxel security advisory for buffer overflow vulnerabilities of GS1900 switches


Zyxel security advisory for vulnerabilities related to the Free Time feature


Zyxel security advisory for reflected cross-site scripting vulnerability of firewalls


Zyxel security advisory for the new Mirai malware variant targeting P660HN devices


Reinforcing router security: German BSI's Secure Broadband Router guideline


Zyxel security advisory for BCMUPnP_Hunter botnet


Zyxel security advisory for IKEv1 protocol vulnerability


Zyxel security advisory for the Bleichenbacher’s attack vulnerability of ZyWALL/USG devices


Zyxel security advisory for the Linux kernel TCP flaw


Security advisory for the VPNFilter malware


Zyxel security advisory for the key management vulnerabilities of WPA2 protocol (Service Provider Only)


Zyxel security advisory for dnsmasq vulnerabilities


Guard against Petya ransomware


Google Drive Backup ZyWALL USG Series Firmware Upgrade Service Q&A


Zyxel statement to vulnerability CVE-2017-3216


Guard against WannaCry ransomware


Zyxel statement to the recent WordPress attacks


Zyxel advisory for the BlackNurse attack


Zyxel Brute force attacks? Zyxel to tighten protection on routers and CPE


Zyxel Advisory for Vulnerability CVE-2015-7547


Zyxel to Issue Fix for CERT VU#870744 Vulnerabilities


Zyxel to Issue Fix for LTE3301-Q222 Software Bug


Zyxel Not Affected by “RSA-CRT Key Leaks”


Zyxel Product Support for Microsoft Windows 10


Google Drive Function Now Restored and Available on Zyxel Network Storage Products


Avoid CSRF Pharming Vulnerability and MOOSE Malware


Zyxel to Release Patch for KCodes NetUSB Vulnerability


Google Drive Backup Function Temporarily Unavailable on Zyxel Network Storage Products


Zyxel USG/ZyWALL Series Not Affected by “FREAK”


Guard Against “GHOST” Vulnerability


Guard Against “Misfortune Cookie” Vulnerability


Protect Your Network from the SSL v3.0 “POODLE” Vulnerability


Shellshock!? Is it an Issue for Zyxel Products?


About WPS Attack by Brute Force


End User License Agreement


Zyxel Windows 8 Support


BusyBox™ GPL Software Notice


508 Compliance