ZyXEL Communications would like to assure its customers that ZyXEL products ranging from business products to DSL CPEs are not affected by the Heartbleed OpenSSL vulnerability that is currently being widely discussed in the press and social media.

The company has carried out extensive checks and confirmed that the OpenSSL versions used in ZyXEL business solutions and DSL CPE products are not at risk.

ZyXEL business solutions including security appliances, Gateways, Switches and WLAN AP/ Controllers, use OpenSSL, but not the affected versions. This means all firewalls and firmware versions are posed no threat by the Heardbleed bug, which was found in OpenSSL versions 1.0.1f and 1.0.2-beta1.

The same applies to ZyXEL DSL CPE, WiMAX , LTE products, and other models that support HTTPs Remote Management. The OpenSSL versions these products use are not affected by the Heartbleed bug.

To improve business network security, ZyXEL strongly recommends that users add our IDP (Intrusion Detection and Prevention) service to USG (Unified Security Gateway) to protect business from such threats. The ZyXEL USG series effectively guards servers in business networks from break-in via the Heartbleed bug. To further enhance protection, the ZyXEL USG series featuring the IDP license will automatically connect to ZSDN (ZyXEL Security Distribution Network) to retrieve the latest updates. ZyXEL is releasing this new IDP signature update on April 16th, 2014.