Zyxel AX7501 with XGSPON SFP+, VLAN 10
CHF389.–

Product rating for Zyxel AX7501 with XGSPON SFP+, VLAN 10

Anonymous

3 years ago

A security nightmare: DO NOT BUY - DO NOT USE

Getting new firmware is difficult, if not impossible.

https://www.opencve.io/cve

The Zyxel portal is a nightmare; AX7501-B0 returns ZERO results.
Try https://www.zyxel.com/support...


Asked in official forums:
"For the new firmware, it may depend on your supplier.
If your AX7501-B0 comes from an ISP, you may need to check with your ISP for the new firmware version."

Found a security advisory by PURE luck on Google; yes, I have the wrong one, V5.15(ABPC.0)C0 (default)
https://support.zyxel.eu/hc...
And again NO EASY way to get access to the firmware.

Would have been acceptable in the year 2000, not anymore in 2022. Having 10GB is not worth the security risk.

Huge firmware mess:
Your ISP customizes the image (why, how, where is the protocol?), so
* you buy at digitec or elsewhere -> you can contact Zyxel and hope they will help you
* you got the router from Swisscom, Salt, and co. -> you have to use another customized firmware from your provider -> security-wise a nightmare as well
* you got the router from Init7 -> you're lucky, you can apply C0 (aka default Zyxel firmware)

Getting new firmware (all are OUTDATED)
Swisscom: ftp://zyxel@ftp.zyxel.ch/AX7501-B0/OBM/V517ABPC1C0.bin
Init7: https://nextcloud.init7.net/s... (Password: ANbrM7BLG5)

2023.4
The latest firmware V517ABPC3D0 solved some issues, but behind the scenes it still contains
* Samba daemon 3.6.25, end of life since 2015
* Linux kernel 4.1.52, end of life 2018
* OpenSSL 1.1.1, EOL in Sept 2023; will they update before then?
and a LOT more outdated software
* Will never run OpenWrt, it uses Broadcom (see https://forum.openwrt.org/t...), but in fact runs behind the scenes a butchered OpenWrt 14.03 with magical Broadcom binaries.
* Mac mini has issues with 5GHz, Apple TV 4K is also struggling. I use only 2.4GHz now, but will dump the router & go back to 1gb
 

Pro

  • none

Contra

  • a challenge to update firmware: the ISP also modifies the firmware
  • no firmware auto-update or alerts
  • the interface is difficult to use (even after 21 years in IT)
  • unstable 5GHz Wi-Fi
  • Zyxel should not be allowed to sell any network devices
  • Zyxel's SBOM is not public; the state of the software bill of materials shows a lot of outdated packages...
  • ZYXEL doesn't take security seriously
  • firmware: no SHASUM, untrusted FTP, images not signed
  • cannot switch off the status LED
  • magical binary to update??
  • you can ask ZYXEL for the firmware source code, no response
  • uses a butchered OpenWrt version 14.03, not 22.03
    Anonymous

    3 years ago

    Use it as a bridge and buy something better.

    Anonymous

    3 years ago

    Something better like what?

    This router will be front-facing and resolve DNS queries, and if it gets easily infected or starts DDoS attacks...

    Bad luck, OpenWrt cannot be installed on it...

    10GigabitPeter

    3 years ago

    Damn. How do I get the update as a Sunrise user?

    Anonymous

    2 years ago

    While I agree with the OP, at least Init7 seems to update its customers' firmware over the wire. I don't know if all providers do this, though.

    Winterfalke

    2 years ago

    I contacted Init7 and asked for a firmware update. They sent me the file.
    But it's a hassle to ask them for an update, and you don't even know what's in it or when there will be another update.
    In the meantime I switched to an AX89X, which is now not only better but also cheaper.

    JiSiN

    2 years ago

    @Winterfalke
    Is this V517ABPC1b5.zip (for P2P)?

    10GigabitPeter

    2 years ago

    The latest firmware is available here:
    V517ABPC21D0.zip

    ftp(PUNKT)zyxel.ch, with zyxel and zyxel as username and password.

    The unbranded box from Sunrise can be updated and runs very well with the latest firmware.

    JiSiN

    2 years ago

    If I'm not mistaken, "V517ABPC21D0.zip" is for XGS-PON (P2MP).
    "V517ABPC1b5.zip" would be for e.g. Fiber7-X (P2P).

    JiSiN

    2 years ago

    @Winterfalke
    What I would also like to know...
    How much WAN <--> LAN throughput do you get with the AX89X?
    Does it more or less reach 10Gbps?

    I wanted to get the AX89X about a year ago already, but I wasn't quite convinced by it yet.
    I have been using Asus routers with the Merlin FW for many years.
    Currently I'm waiting for the RT-BE96U & GT-BE98.
    Then it will hopefully be time for Fiber7-X.

    Unfortunately I can't find any sensible HW for Fiber7-X2,
    since I want to run it in the living room and not in a server rack lol

    Winterfalke

    2 years ago

    @JiSiN
    I sent my last request to Init7 in July and they sent me a Dropbox link, which is no longer valid. The firmware file was AX7501-B0_Firmware_5.15%28ABPC.0%29C0.zip, so that corresponds to V5.15(ABPC.0)C0, i.e. an older version.
    Regarding your second question: unfortunately I can't test 10G at the moment.
    From past experience, there is no use case of mine that reaches 4 Gigabit. Not because the line is slow, but because the servers on the other side don't provide enough bandwidth (for example Steam downloads: my record was just under 4 Gigabit, usually lower).
    So for practical reasons I use a 2.5G port on my mainboard, which is more than sufficient for my purposes.
    One of the reasons I didn't go with Fiber-X2 from the start is that 10G is already absolute overkill, and I didn't expect any online server to support that when I download something.

    10GigabitPeter

    2 years ago

    @Winterfalke: with V517ABPC21D0.zip the Zyxel runs well. Your version was older. I previously had problems with the 10gb port (it's in the changelog).

    dokterdok

    2 years ago

    V517ABPC21D0.zip works fine with Init7, I tried it. A newer V5.17(ABPC.3)C0 was apparently released which is supposed to patch security vulnerabilities. See https://www.zyxel.com/global...

    I haven't found download links. I agree with OP that offering no public way to download the latest security fixes is just insane.

    Anonymous

    2 years ago

    Nightmare continues...

    If you're on V5.17(ABPC.1)C0, this is insecure since:

    CVE-2022-45440 | Zyxel | Ax7501-b0, Ax7501-b0 Firmware | 2023-01-25 | N/A | 4.4 MEDIUM
    A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.

    CVE-2022-45439 | Zyxel | Ax7501-b0, Ax7501-b0 Firmware | 2023-01-24 | N/A | 6.5 MEDIUM
    A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.

    CVE-2022-43392 | Zyxel | Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 93 more | 2023-01-18 | N/A | 6.5 MEDIUM
    A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

    Zyxel has a solution, update to V5.17(ABPC.3)C0, but damn, IT IS IMPOSSIBLE TO LOCATE IT
    https://community.zyxel.com/en...

    All known vulnerabilities so far (known, but there are more for sure):
    https://www.opencve.io/cve

    I am more and more thinking about selling this device and going back to 1GB/s bandwidth, using OpenWrt.

    These companies should go out of business
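A defender-side check built from the two AX7501-B0 advisories quoted in the comment above, added here as an example (not code from the thread, from Zyxel or from any ISP): it parses Zyxel's V5.17(ABPC.3)C0-style version strings and reports which of those CVEs an installed firmware still predates. The fixed-in table is constructed from the advisory text, and treating the trailing C0/D0 as an ISP build variant rather than a patch level is an assumption.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed from the two AX7501-B0 advisories quoted above: both describe
# firmware "prior to V5.17(ABPC.3)C0" as affected.
FIXED_IN: Dict[str, str] = {
    "CVE-2022-45440": "V5.17(ABPC.3)C0",  # ftpd follows symlinks on USB media
    "CVE-2022-45439": "V5.17(ABPC.3)C0",  # spare WiFi credentials in cleartext
}

# Matches e.g. V5.17(ABPC.5.2)C0, V5.15(ABPC.0)C0 and the beta form V5.17(ABPC.3)b2.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)((?:\.\d+)+)\)([A-Za-z]\d+)$")

class ZyxelVersion(NamedTuple):
    major: int
    minor: int
    branch: str              # firmware family code, e.g. "ABPC"
    patch: Tuple[int, ...]   # (5, 2) for "ABPC.5.2"; tuples compare element-wise
    suffix: str              # "C0"/"D0": assumed to be an ISP build variant

def parse_version(text: str) -> ZyxelVersion:
    """Parse a Zyxel version string such as V5.17(ABPC.3)C0."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Zyxel version string: {text!r}")
    major, minor, branch, patch, suffix = m.groups()
    patch_tuple = tuple(int(p) for p in patch.strip(".").split("."))
    return ZyxelVersion(int(major), int(minor), branch, patch_tuple, suffix)

def is_prior(installed: ZyxelVersion, fixed: ZyxelVersion) -> bool:
    """True if `installed` is older than `fixed` on the same firmware branch.
    The C0/D0 suffix is deliberately ignored (assumption: it is not a patch level)."""
    if installed.branch != fixed.branch:
        raise ValueError(f"branch mismatch: {installed.branch} vs {fixed.branch}")
    return ((installed.major, installed.minor, installed.patch)
            < (fixed.major, fixed.minor, fixed.patch))

def unpatched_cves(installed_text: str) -> List[str]:
    """Return the CVEs from FIXED_IN that the installed firmware still predates."""
    installed = parse_version(installed_text)
    return sorted(cve for cve, fixed in FIXED_IN.items()
                  if is_prior(installed, parse_version(fixed)))

if __name__ == "__main__":
    for v in ("V5.15(ABPC.0)C0", "V5.17(ABPC.1)C0", "V5.17(ABPC.3)C0", "V5.17(ABPC.5.3)D0"):
        print(v, "->", unpatched_cves(v) or "none of the listed CVEs")
```

The table only covers the two advisories quoted here; the same structure takes any further "prior to" entries from the opencve listing.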
     

    dokterdok

    2 years ago

    I ended up contacting support@init7.net, and they sent me a link to V5.17(ABPC.3)b2, a beta version dated Oct 20 2022.
    Not clear if it solves the vulnerabilities mentioned above. The release notes do mention this fix: "[#176288]Zyxel-SI-1433 [Vulnerability] Buffer overflow vulnerabilities and command injection vulnerability for AX7501-B1 Generic"

    10GigabitPeter

    2 years ago

    Version V5.17(ABPC.3)D0 is now available:

    Bug Fixed
    Security
    [#178839][Security]Zyxel SI 1441 [Vulnerability] Hidden SSID and symbolic Links in ftpd of AX7501 B0

    richi207

    1 year ago

    Is V5.17(ABPC.3)D0 for the AX7501-b0? According to the FTP it's for the AX7501-b1, or did I look at that wrong?

    dokterdok

    1 year ago

    V5.17(ABPC.4)C0 is out, which includes a number of security vulnerability fixes, including a "Possible security flaw that allows to retrieve root password". Reminder to all owners to regularly contact your ISP and request the latest firmware. Zyxel CH's own FTP is outdated, no point looking there.
    What a circus :D

    dokterdok

    1 year ago

    I just received it today. Init7 sent me a password protected link and instructions. Haven't flashed it yet.

    dokterdok

    1 year ago

    Security fixes included in V5.17(ABPC.4)C0, from the release notes:
    * [#190137][#230500907] Possible security flaw that allows to retrieve root password.
    * [#184254][CVE-2022-4203,4304,4450][CVE-2023-0215~0217,0286,0401][Zyxel-SI-1464] [Vulnerability] OpenSSL multiple vulnerabilities
    * [#182244][ETSI EN 303 645] The consumer IoT device shall protect the confidentiality of critical security parameters that are communicated via remotely accessible network interfaces.
    * [#182251][ETSI EN 303 645] 5.8-2: The confidentiality of sensitive personal data communicated between the device and associated services shall be protected, with cryptography appropriate to the properties of the technology and usage.

    10GigabitPeter

    1 year ago

    I contacted my ISP green.ch and they sent me the version V513ABQO1b4_D0.bin without any release notes. I just asked them for more information. Is this version outdated? V513 must be very old, right? I am confused since I cannot find any changelog.

    dokterdok

    1 year ago

    Looking at Zyxel's FTP, it sounds like they sent you a firmware for a different model, the Zyxel XMG3927. And that firmware you mentioned dates back to 2021.

    10GigabitPeter

    1 year ago

    Thank you. I just wrote to green to inform them. Hopefully they manage to send me the correct version. It's a pity that the firmware is not available publicly.

    10GigabitPeter

    1 year ago

    Hi dokterdok

    Now I received the following version, D0 and not C0 (V5.17(ABPC.4)C0). Is this already a newer one? (V517ABPC4D0.bin); release notes are still missing. I just asked them to send those to me as well. Here is a Google Drive link: drive(dot)google(dot)com/file/d/1WbbmmWYsbHmn8QQD0Y1v9cvq2eSQzNkB/view?usp=sharing

    I will try to flash this evening.

    10GigabitPeter

    1 year ago

    Ahh, I got the AX7501-B1 and not the AX7501-B0, maybe that's why I got the V517ABPC4D0.bin

    dokterdok

    1 year ago

    C0, D0 etc. seem to be linked to ISP-specific firmware configurations, which is why it's best to stick to what your ISP recommends.
    I moved on to the TP-Link BE85 a while ago and now only use this Zyxel router as a backup.

    dokterdok

    10 months ago

    @Hillmann111
    Those firmwares you linked to above are insecure and date back a couple of years.
    The latest one is V5.17(ABPC.5)C0, released in late April 2024. It should be available if you ask your ISP. It includes a less ancient OpenSSL release (3.1.2) and security vulnerability fixes.

    Anonymous

    6 months ago

    FYI there is an official firmware dated August 9 2024 / 5.17(ABPC.5.2)C0 at https://www.zyxel.com/service-pr... -> Downloads & Resources. But if in doubt, better contact your ISP regardless.

    Anonymous

    2 months ago

    iway.ch (Swiss ISP) currently publishes the D0 firmware for this router here:

    https://firmware.iway.ch/zyxel...

    The current version available is:

    V5.17(ABPC.5.3)D0 (release date: 04.10.2024)

    This firmware is also compatible with Init7 (I tested it).