PatchSiren cyber security CVE debrief
CVE-2016-10227 Zyxel CVE debrief
CVE-2016-10227 is a network-facing denial-of-service issue affecting Zyxel USG50 and NWA3560-N firmware. According to NVD, remote attackers can trigger CPU consumption by flooding the device with ICMPv4 Port Unreachable packets. The CVE record rates the issue HIGH with a CVSS 3.0 score of 7.5, reflecting unauthenticated network exposure and availability impact only.
- Vendor: Zyxel
- Product: CVE-2016-10227
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-21
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-21
- Advisory updated: 2026-05-13
Who should care
Administrators and defenders responsible for Zyxel USG50 and NWA3560-N deployments should prioritize this issue, especially where the devices sit at network edges or handle Internet-facing traffic. SOC teams and network operations staff should also watch for abnormal ICMP activity and device CPU spikes.
Technical summary
The NVD record describes a denial-of-service condition in Zyxel USG50 Security Appliance and NWA3560-N Access Point firmware. A remote attacker can send a flood of ICMPv4 Port Unreachable packets that leads to CPU consumption on the affected device. The NVD CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, and the weakness is categorized as CWE-399.
Defensive priority
High. The issue is remotely reachable, requires no privileges or user interaction, and can reduce service availability on exposed network appliances. Systems matching the listed Zyxel firmware CPEs should be reviewed promptly.
Recommended defensive actions
- Identify whether any Zyxel USG50 firmware or NWA3560-N firmware matches the vulnerable CPEs listed by NVD.
- Review the Zyxel vendor advisory referenced in the CVE record for mitigation or patch guidance.
- Limit exposure of management and security appliances to untrusted networks where possible.
- Monitor for unusual ICMPv4 Port Unreachable traffic and correlated CPU utilization spikes on affected devices.
- Validate whether the vendor has provided a firmware update or configuration workaround for your deployed model and firmware line.
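One way to implement the ICMP monitoring action above, as an added example that is not part of the NVD record or any Zyxel tooling: it picks ICMPv4 type 3 code 3 messages out of raw IPv4 packets and raises one alert per burst per destination. The one-second window, the threshold of 100, the function names and the sample traffic are assumptions made for illustration.

```python
import struct
from collections import defaultdict, deque

def parse_port_unreachable(pkt):
    """Return (src, dst) if pkt is an IPv4 ICMP type 3 code 3 message, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                  # header length grows with IP options
    if ihl < 20 or len(pkt) < ihl + 2 or pkt[9] != 1:   # protocol 1 = ICMP
        return None
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:       # later fragment: no ICMP header
        return None
    if (pkt[ihl], pkt[ihl + 1]) != (3, 3):     # Destination Unreachable / Port Unreachable
        return None
    return ".".join(map(str, pkt[12:16])), ".".join(map(str, pkt[16:20]))

def detect_floods(events, window=1.0, threshold=100):
    """events: time-ordered (timestamp, raw IPv4 packet). window and threshold
    are illustrative assumptions; tune them against a baseline of normal traffic."""
    recent, alerting, alerts = defaultdict(deque), set(), []
    for ts, pkt in events:
        parsed = parse_port_unreachable(pkt)
        if parsed is None:
            continue
        dst, q = parsed[1], recent[parsed[1]]
        q.append(ts)
        while ts - q[0] > window:              # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold and dst not in alerting:
            alerting.add(dst)                  # one alert per burst per target
            alerts.append((ts, dst, len(q)))
        elif len(q) <= threshold // 2:         # re-arm once the rate has fallen back
            alerting.discard(dst)
    return alerts

def build_packet(src, dst, proto=1, icmp_type=3, icmp_code=3, options=b""):
    """Constructed sample packet; checksums are zero and are not validated above."""
    addr = lambda a: bytes(map(int, a.split(".")))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                      28 + len(options), 0, 0, 64, proto, 0, addr(src), addr(dst))
    return hdr + options + bytes([icmp_type, icmp_code]) + b"\x00" * 6

def sample_events():
    """Constructed traffic: a burst toward 192.0.2.1 plus benign background."""
    ev = [(i * 0.004, build_packet("198.51.100.7", "192.0.2.1")) for i in range(150)]
    ev += [(i * 0.5, build_packet("198.51.100.9", "192.0.2.2")) for i in range(4)]
    ev += [(i * 0.004, build_packet("198.51.100.7", "192.0.2.3", 1, 0, 0)) for i in range(150)]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for ts, dst, count in detect_floods(sample_events()):
        print(f"{ts:.3f}s flood toward {dst}: {count} Port Unreachable in 1 s")
```

Correlate any alert with the CPU utilization of the device that owns the destination address before treating it as this issue.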
Evidence notes
This debrief is based on the supplied NVD CVE record and its referenced vendor and secondary sources. The CVE was first published on 2017-02-21 and later modified on 2026-05-13 in the supplied record metadata. NVD lists vulnerable firmware CPEs for Zyxel USG50 and NWA3560-N, and the CVSS vector indicates a network-reachable availability-only denial of service. No explicit fixed-version remediation data was included in the supplied corpus.
Official resources
- CVE-2016-10227 CVE record (CVE.org)
- CVE-2016-10227 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Exploit, Third Party Advisory
Public CVE record first published on 2017-02-21; the supplied NVD record was last modified on 2026-05-13. This debrief uses those CVE timeline fields and does not treat later generation or publication time as the vulnerability date.