
Zyxel AX7501 with XGSPON SFP+, VLAN 10

Getting a new firmware is difficult if not impossible
https://www.opencve.io/cve
Zyxel portal is a nightmare, AX7501-B0 returns ZERO results
try https://www.zyxel.com/support...
Asked in official forums:
"For the new firmware, it may depend on your supplier.
If your AX7501-B0 comes from ISP, you may need to check with your ISP for new firmware version."
Found a security advisory by PURE luck in google, yes I have the wrong one V5.15(ABPC.0)C0 (default)
https://support.zyxel.eu/hc...
And again NO EASY way to get access to the firmware.
Would have been acceptable in year 2000, not any more in 2022. Having 10GB is not worth the security risk.
Huge Firmware mess:
Your ISP customizes the image (why, how, where is the protocol) so
* you buy at digitec or elsewhere -> you can contact Zyxel and hope they will help you
* you got the router from swisscom, salt, and co -> you have to use another customized firmware from your provider -> security wise a nightmare as well
* you got the router from init7 -> you're lucky you can apply C0 (aka default Zyxel firmware)
Getting new firmware (all are OUTDATED)
Swisscom: ftp://zyxel@ftp.zyxel.ch/AX7501-B0/OBM/V517ABPC1C0.bin
Init7: https://nextcloud.init7.net/s... (Password: ANbrM7BLG5)
2023.4
Latest firmware V517ABPC3D0 solved some issues but behind the scenes still contains
* Samba daemon 3.6.25 End of life since 2015
* Linux kernel 4.1.52 end of life 2018
* OpenSSL 1.1.1 is EOL in sept 2023, will they update before?
and a LOT more outdated software
* Will never run OpenWrt, it uses Broadcom see https://forum.openwrt.org/t... but in fact runs behind the scenes a butchered OpenWrt 14.03 with magical Broadcom binaries.
* Mac mini has issues with 5GHz, Apple TV 4K is also struggling. Use only 2.4GHz but will dump router & go back to 1gb
Use it as Bridge and Buy something better.
something better like what?
This router will be front facing and resolve DNS queries and if it gets easily infected or starts DDOS attacks...
bad luck, OpenWRT can not be installed on it....
Damn. How do I get the update as a Sunrise user?
while I agree with the OP, at least init7 seems to update its customers' firmware over the wire. I don't know if all providers do this, though.
I contacted Init7 and asked for a firmware update. They sent me the file.
But it's a hassle to ask them for an update and you don't even know what's in it or when there will be another update.
In the meantime I switched to an AX89X, which is now not only better but also cheaper.
@Winterfalke
Is this V517ABPC1b5.zip (for P2P)?
Here is the latest firmware:
V517ABPC21D0.zip
ftp(DOT)zyxel.ch zyxel and zyxel as username and password.
The free box without branding from Sunrise can be updated and runs very well with the latest firmware.
If I am not mistaken, "V517ABPC21D0.zip" is for XGS-PON (P2MP).
"V517ABPC1b5.zip" would be for e.g. Fiber7-X (P2P)
@Winterfalke
What else would interest me...
How much do you get WAN <--> LAN throughput on the AX89X?
Does it more or less reach the 10Gbps?
Was going to pull the AX89X about 1 year ago, but I wasn't quite convinced yet.
I have been using Asus routers with the Merlin FW for many years.
Currently I am waiting for RT-BE96U & GT-BE98.
Then hopefully it will be time for Fiber7-X.
Unfortunately I can't find anything useful in HW for Fiber7-X2.
Since I want to run it in the living room and not in a server rack lol
@JiSiN
The last request I sent to Init7 was in July and they sent me a dropbox link which is no longer valid. The firmware file was AX7501-B0_Firmware_5.15%28ABPC.0%29C0.zip so that corresponds to V5.15(ABPC.0)C0 so an older version.
Regarding your second question: unfortunately I cannot test 10G at the moment.
From past experience, there is no application area I use that reaches 4 Gigabit. Not because the line is slow, but because the servers on the opposite side don't provide enough bandwidth (for example, Steam downloads were my record at just under 4 Gigabit, mostly rather lower).
So for practical reasons I use a 2.5G connection from my mainboard, which is more than sufficient for my purposes.
One of the reasons why I didn't go for Fiber-X2 from the beginning is that 10G is already absolutely overkill and I didn't expect any online server to support that when I download something.
@Winterfalke: with V517ABPC21D0.zip the zyxel works fine. Your version was older. I had problems with the 10gb port before (see changelog).
V517ABPC21D0.zip works fine with init7, I tried it. A newer V5.17(ABPC.3)C0 was apparently released which is supposed to patch security vulnerabilities. See https://www.zyxel.com/global...
I haven't found download links. I agree with OP that offering no public way to download the latest security fixes is just insane.
Nightmare continues....
If you're on V5.17(ABPC.1)C0, this is insecure since
CVE-2022-45440 | Vendors: 1 (Zyxel) | Products: 2 (Ax7501-b0, Ax7501-b0 Firmware) | Updated: 2023-01-25 | CVSS v2: N/A | CVSS v3: 4.4 MEDIUM
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.
CVE-2022-45439 | Vendors: 1 (Zyxel) | Products: 2 (Ax7501-b0, Ax7501-b0 Firmware) | Updated: 2023-01-24 | CVSS v2: N/A | CVSS v3: 6.5 MEDIUM
A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.
CVE-2022-43392 | Vendors: 1 (Zyxel) | Products: 96 (Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 93 more) | Updated: 2023-01-18 | CVSS v2: N/A | CVSS v3: 6.5 MEDIUM
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
Zyxel has a solution, update to V5.17(ABPC.3)C0 but damn IT IS IMPOSSIBLE TO LOCATE IT
https://community.zyxel.com/en...
All known vulnerabilities so far (known but there is more for sure)
https://www.opencve.io/cve
I am more and more thinking about selling this device and going back to 1GB/s bandwidth, using openWRT.
These companies should go out of business
I ended up contacting support@init7.net, they sent me a link to V5.17(ABPC.3)b2 , a beta version dated Oct 20 2022.
Not clear if it solves the vulnerabilities mentioned above. The release notes do mention this fix: "[#176288]Zyxel-SI-1433 [Vulnerability] Buffer overflow vulnerabilities and command injection vulnerability for AX7501-B1 Generic"
Version V5.17(ABPC.3)D0 is now available:
Bug Fixed
Security
* [#178839][Security] Zyxel SI 1441 [Vulnerability] Hidden SSID and symbolic Links in ftpd of AX7501 B0
Is the V5.17(ABPC.3)D0 for the AX7501-b0? According to the FTP, it is for the AX7501-b1, or did I look at it wrong?
V5.17(ABPC.4)C0 is out, which includes a number of security vulnerabilities fixes, including a "Possible security flaw that allows to retrieve root password". Reminder to all owners to regularly contact your ISP and request the latest firmware. Zyxel CH's own FTP is outdated, no point looking there.
What a circus :D
@dokterdok: did you get the C4 already?
I just received it today. Init7 sent me a password protected link and instructions. Haven’t flashed it yet.
Security fixes included in V5.17(ABPC.4)C0, from the release notes:
* [#190137][#230500907] Possible security flaw that allows to retrieve root password.
* [#184254][CVE-2022-4203,4304,4450][CVE-2023-0215~0217,0286,0401][Zyxel-SI-1464] [Vulnerability] OpenSSL multiple vulnerabilities
* [#182244][ETSI EN 303 645] The consumer IoT device shall protect the confidentiality of critical security parameters that are communicated via remotely accessible network interfaces.
* [#182251][ETSI EN 303 645] 5.8-2: The confidentiality of sensitive personal data communicated between the device and associated services shall be protected, with cryptography appropriate to the properties of the technology and usage.
I contacted my ISP green.ch and they sent me the version V513ABQO1b4_D0.bin without any release notes. I just asked them for more information. This version is outdated? V513 must be very old, right? I am confused since I cannot find any changelog.
Looking at Zyxel's ftp, it sounds like they sent you a firmware for a different model, the Zyxel XMG3927. And that firmware you mentioned dates back to 2021.
Thank you. I just wrote green to inform them. Hopefully they manage to send me the correct version. It's a pity that the firmware is not available publicly.
Hi dokterdok
Now I received the following version, D0 and not C0 (V5.17(ABPC.4)C0). Is this already a newer one? (V517ABPC4D0.bin), release notes are still missing. I just asked them to send them to me as well. Here is a google drive link drive(dot)google(dot)com/file/d/1WbbmmWYsbHmn8QQD0Y1v9cvq2eSQzNkB/view?usp=sharing
I will try to flash this evening.
Ahh, I got the AX7501-B1 and not the AX7501-B0, maybe that's why I got the V517ABPC4D0.bin
C0, D0 etc. seem to be linked to ISP-specific firmware configurations, which is why it's best to stick to what your ISP recommends.
I've moved on to the TP-Link BE85 a while ago and now only use this Zyxel router as a backup.
Firmware 5.17 found
https://support.zyxel.eu/hc...
https://www.dropbox.com/scl...
@Hillmann111
Those firmwares you linked to above are insecure and date back a couple of years.
The latest one is V5.17(ABPC.5)C0, released in late April 2024. It should be available if you ask your ISP. It includes a less ancient OpenSSL release (3.1.2) and security vulnerabilities fixes.
FYI there is an official firmware dated August 9 2024 / 5.17(ABPC.5.2)C0 at https://www.zyxel.com/service-pr... -> Downloads & Resources. But if in doubt, better contact your ISP regardless.
iway.ch (Swiss ISP) currently publishes the D0 firmware for this router here:
https://firmware.iway.ch/zyxel...
The following version is currently available:
V5.17(ABPC.5.3)D0 (Release date: 04.10.2024)
This firmware is also compatible with Init7 (I have tested it)
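
Added example (not part of the thread and not Zyxel's code): a small Python checker that compares a dotted firmware version string, as quoted in the comments above, against the fixed release V5.17(ABPC.3)C0 named in the CVE text. The ordering rules used here (a beta sorts before the release of the same patch level, the C0/D0 suffix is ignored for ordering, the four-letter code is treated as a firmware family) are assumptions inferred from the strings in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Fixed release named in the CVE text quoted in the thread.
ADVISORY_FIXED = "V5.17(ABPC.3)C0"

_DOTTED = re.compile(
    r"V?(\d+)\.(\d+)\(([A-Z]{4})\.(\d+(?:\.\d+)*)\)([A-Za-z])(\d+)")

@dataclass(frozen=True)
class ZyxelVersion:
    base: tuple          # (5, 17)
    code: str            # "ABPC"; assumed to identify the firmware family
    patch: tuple         # (3,) or (5, 2)
    beta: Optional[int]  # 2 for "b2", None for a release build
    variant: str         # "C0", "D0" (ISP-specific per the thread), "" for betas

    def key(self):
        # Assumption: a beta sorts before the release of the same patch level.
        rank = 0 if self.beta is not None else 1
        return (self.base, self.patch, rank, self.beta or 0)

def parse(text: str) -> Optional[ZyxelVersion]:
    """Parse a dotted version, also when embedded in a URL-encoded file name."""
    m = _DOTTED.search(unquote(text))
    if not m:
        return None  # compact names like V517ABPC21D0 are ambiguous; not guessed
    major, minor, code, patch, kind, num = m.groups()
    is_beta = kind == "b"
    return ZyxelVersion((int(major), int(minor)), code,
                        tuple(int(p) for p in patch.split(".")),
                        int(num) if is_beta else None,
                        "" if is_beta else kind + num)

def check(installed: str, fixed: str = ADVISORY_FIXED) -> str:
    """Classify an installed version relative to the advisory's fixed release."""
    have, want = parse(installed), parse(fixed)
    if have is None or want is None:
        return "unparsed"
    if have.code != want.code:
        return "other-model-code"  # e.g. ACCC in the NR7101 entry
    return "older-than-fix" if have.key() < want.key() else "at-or-after-fix"
```

A result of "older-than-fix" for a beta such as V5.17(ABPC.3)b2 only means it predates the release build; whether a given beta already carries a fix has to come from its release notes.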