Skip to the content.

DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices

Our reference DIVD-2022-00065
Case lead Mick Beer
Author
Researcher(s)
CVE(s)
  • n/a
Products
  • Zyxel
Recommendation Retire impacted devices
Patch status “Devices are end-of-life and will not be patched”
Status Open
Last modified 23 Jan 2023 16:57

Summary

On February 15th 2022, Sec Consult published an advisory regarding multiple vulnerabilities on various Zyxel devices. While some of these devices could be patched, others were EOL (end of life) and will not receive a patch. DIVD has performed scans for these devices, to notify owners/operators of the risks regarding the continued operation of these devices.

What you can do

If you currently own or operate any of the listed EOL devices, please consider retiring/replacing it as soon as possible. If, for whatever reason, this is not a possibility, make sure all internet facing ports are closed as much as possible.

If you came here through other means than through our direct mailing, please refer to the list published by Sec Consult and Zyxel, to determine whether your Zyxel device is vulnerable and if a patch might be available, if your device isn’t EOL.

What we are doing

After having notified all owners/operators of relevant EOL Zyxel devices, we will intermittently scan the internet, to determine if appropriate action has been taken, and renotify if we have not received a reply from a devices respective owner/operator.

More information