Zyxel: Difference between revisions

Line 16:

==Incidents==

===Zyxel refuses to release patches for actively exploited zero-day vulnerabilities (''2024-2025'')===

Zyxel released a statement announcing they had no plans to release a patch for two actively exploited flaws ({{Wplink|Zero-day vulnerability|zero-day vulnerabilities}}) in its routers, potentially affecting thousands of customers. The company advised customers to buy new routers despite the fact that the affected routers were still possible to buy online.<ref>{{Cite web |author= |title=Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE |url=https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |website=Zyxel |date=4 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=https://~~archive~~.is/~~H2TbC~~ |archive-date=~~26 Jan 2026~~}}</ref><ref>{{Cite web |last=Page |first=Carly |title=Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers

Zyxel released a statement announcing they had no plans to release a patch for two actively exploited flaws ({{Wplink|Zero-day vulnerability|zero-day vulnerabilities}}) in its routers, potentially affecting thousands of customers. The company advised customers to buy new routers despite the fact that the affected routers were still possible to buy online.<ref>{{Cite web |author= |title=Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE |url=https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |website=Zyxel |date=4 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=http://web.archive.org/web/20251112144418/https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |archive-date=12 Nov 2025}}</ref><ref>{{Cite web |last=Page |first=Carly |title=Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers

|url=https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/ |website=TechCrunch |date=5 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=https://~~archive~~.is/~~74gJF~~ |archive-date=~~4 Jan~~ 2026}}</ref><ref>{{Cite web |last=Whittaker |first=Zack |title=Zack Whittaker on Mastodon |url=https://mastodon.social/@zackwhittaker/113951421812871589 |website=Mastodon |date=5 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=https://archive.is/gMv0f |archive-date=27 Jan 2026}}</ref>

|url=https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/ |website=TechCrunch |date=5 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=http://web.archive.org/web/20260217010206/https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/ |archive-date=17 Feb 2026}}</ref><ref>{{Cite web |last=Whittaker |first=Zack |title=Zack Whittaker on Mastodon |url=https://mastodon.social/@zackwhittaker/113951421812871589 |website=Mastodon |date=5 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=https://archive.is/gMv0f |archive-date=27 Jan 2026}}</ref>

==References==

@@ Line 16: / Line 16: @@
 ==Incidents==
 ===Zyxel refuses to release patches for actively exploited zero-day vulnerabilities (''2024-2025'')===
-Zyxel released a statement announcing they had no plans to release a patch for two actively exploited flaws ({{Wplink|Zero-day vulnerability|zero-day vulnerabilities}}) in its routers, potentially affecting thousands of customers. The company advised customers to buy new routers despite the fact that the affected routers were still possible to buy online.<ref>{{Cite web |author= |title=Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE |url=https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |website=Zyxel |date=4 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=https://archive.is/H2TbC |archive-date=26 Jan 2026}}</ref><ref>{{Cite web |last=Page |first=Carly |title=Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
+Zyxel released a statement announcing they had no plans to release a patch for two actively exploited flaws ({{Wplink|Zero-day vulnerability|zero-day vulnerabilities}}) in its routers, potentially affecting thousands of customers. The company advised customers to buy new routers despite the fact that the affected routers were still possible to buy online.<ref>{{Cite web |author= |title=Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE |url=https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |website=Zyxel |date=4 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=http://web.archive.org/web/20251112144418/https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |archive-date=12 Nov 2025}}</ref><ref>{{Cite web |last=Page |first=Carly |title=Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
-|url=https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/ |website=TechCrunch |date=5 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=https://archive.is/74gJF |archive-date=4 Jan 2026}}</ref><ref>{{Cite web |last=Whittaker |first=Zack |title=Zack Whittaker on Mastodon |url=https://mastodon.social/@zackwhittaker/113951421812871589 |website=Mastodon |date=5 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=https://archive.is/gMv0f |archive-date=27 Jan 2026}}</ref>
+|url=https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/ |website=TechCrunch |date=5 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=http://web.archive.org/web/20260217010206/https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/ |archive-date=17 Feb 2026}}</ref><ref>{{Cite web |last=Whittaker |first=Zack |title=Zack Whittaker on Mastodon |url=https://mastodon.social/@zackwhittaker/113951421812871589 |website=Mastodon |date=5 Feb 2025 |access-date=26 Jan 2026 |url-status=live |archive-url=https://archive.is/gMv0f |archive-date=27 Jan 2026}}</ref>
 ==References==