Tag

#zyxel

2 posts tagged #zyxel.

Analysis · May 20, 2026 · Colten Anderson

A 2017 home-router bug got a federal deadline. The fix is to throw the router away.

CVE-2017-6884 is command injection in a Zyxel SOHO router. Zyxel patched it in 2017, but the device is end-of-life, so the real remediation is replacement. It's on the KEV list because EOL edge gear is exactly what gets conscripted into botnets.
Analysis · May 10, 2026 · Colten Anderson

Zyxel patched CVE-2024-11667 in September. They named it in November

The fix shipped on September 3, 2024. The CVE assignment came eleven weeks later, after Helldown was already in production networks. The customers who patched on time still got compromised.