Users are advised to install the applicable firmware updates. Zyxel will release patches for products affected by the Dnsmasq vulnerabilities reported by CERT/CC. Please contact your local service rep for further information or assistance.
For users who purchased the listed devices on their own, please contact your local Zyxel support team for the new firmware file to ensure optimal protection. For ISP customers, please contact your Zyxel representative for further details. Please note that the table does NOT include customized models for internet service providers (ISPs). What products are vulnerable-and what should you do?Īfter a thorough investigation, we have identified the vulnerable CPE that are within their warranty and support period and are releasing firmware patches to address the issue, as shown in the table below. Remote code execution and denial-of-service vulnerabilities caused by the improper input sanitization of HTTP requests were identified in the zhttpd webserver on some Zyxel CPE. Customers are advised to install the updates for optimal protection. Zyxel has released firmware updates for RCE and DoS vulnerabilities affecting some CPE models.
Zyxel security advisory for remote code execution and denial-of-service vulnerabilities of CPE Summary