Consumer Rights Wiki - User contributions [en]

Zyxel

2025-08-17T21:05:56Z

Kloosy goosy:

{{Stub}}{{CompanyCargo
| Founded = 1989
| Industry = Telecommunication
| Logo = Zyxel Logo.png
| ParentCompany = Zyxel Group Corp
| Type = Private
| Website = https://www.zyxel.com/
}}
[[wikipedia:Zyxel|Zyxel]] is a telecommunication company that was founded in 1989 in Taiwan. They are most known to create consumer grade routers but also produces enterprise equipment.

'''Zyxel Communications Corporation is''' a subisidiary of Zyxel Group Corporation.

==Incidents==

===Zyxel refuses to release patches for actively exploited zero day vulnerabilities(2024-2025)===
Zyxel released a statement where they have no plans to release a patch for two actively exploited flaws in its routers, potentially affecting thousands of customers.

Zyxel advised customers to buy new routers despite the affected routers were still possible to buy online.<ref>{{Cite web |date=2025-02-04 |title=Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE |url=https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |url-status=live |archive-url=https://web.archive.org/web/20250209091247/https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |archive-date=2025-02-09 |website=Zyxel}}</ref><ref>{{Cite web |last=Page |first=Carly |date=5 Feb 2025 |title=Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers |url=https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/ |url-status=live |access-date=28 Mar 2025 |website=TechCrunch}}</ref><ref>{{Cite web |last=Whittaker |first=Zack |date=5 Feb 2025 |title=Wow. Router maker Zyxel says it has no plans to release a patch for two *actively exploited* flaws in its routers affecting potentially thousands of customers. Instead, Zyxel is advising customers to rip out affected devices and buy new routers. However, the affected buggy routers are still available for purchase. |url=https://mastodon.social/@zackwhittaker/113951421812871589 |url-status=live |access-date=28 Mar 2025 |website=Mastodon}}</ref>

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

3CX

2025-08-17T21:05:41Z

Kloosy goosy: Added wikipedia link

{{StubNotice}}
[[wikipedia:3CX|3CX, Inc.]], is a software development company and developer of the 3CX Phone System<ref name=":0">{{Cite web |last= |title=ENTERPRISE GRADE PHONE SYSTEM |url=https://www.3cx.com/phone-system/ |archive-url=https://web.archive.org/web/20250813032918/https://www.3cx.com/phone-system/ |archive-date=2025-08-13 |access-date=2025-08-13 |website=3cx.com}}</ref> founded in Cyprus in 2005-11-01.

{{CompanyCargo
| Founded = 2005-11-01
| Industry = Telecommunication
| Website = https://www.3cx.com/
| Logo = 3CX Logo Grey background-1028917583.png
| Type = Private
}}

The 3CX Phone System is a software private branch exchange based on the [[wikipedia:Session_Initiation_Protocol|Session Initiation Protocol]] (SIP) standard to allow calls via the public switched telephone network (PSTN) or via [[wikipedia:Voice_over_IP|Voice over Internet Protocol]] (VoIP) services <ref name=":0" />.

In 2023, during a major supply chain attack affecting the 3CX desktop application, company's public response included engaging the services of Google-owned cybersecurity firm [[wikipedia:Mandiant|Mandiant]]<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=Mar 31, 2023 |title=3CX Supply Chain Attack — Here's What We Know So Far |url=https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-url=https://web.archive.org/web/20250627055223/https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-date=June 27, 2025 |access-date=2025-08-12 |website=thehackernews.com}}</ref> and advising customers to uninstall affected versions.

==Controversies==

====Customer and Partner Relations====
The company's CTO, Nick Galea, has been the subject of criticism from some 3CX users and partners for alleged heavy-handed moderation practices and perceived unprofessional conduct in public forums. Multiple users on Reddit have reported being banned from the official 3CX community forums for raising technical concerns or criticizing company policies. <ref>{{Cite web |title=My 3CX Partnership Deleted and All Linked Clients Lost |url=https://www.reddit.com/r/3CX/comments/xev0u5/my_3cx_partnership_deleted_and_all_linked_clients/}}</ref><ref>{{Cite web |title=Banned from the 3CX Community |url=https://www.reddit.com/r/3CX/comments/xn0ztp/banned_from_the_3cx_community/}}</ref>

====Supply Chain Incident Response====
In March 2023, 3CX was the victim of a high-profile supply chain attack, thought to be the result of a cascade failure starting with the software X_Trader. This attack was linked to an earlier hack by North Korean hackers to software company [https://www.marketswiki.com/wiki/Trading_Technologies_International Trading Technologies]. A 3CX employee's PC with the Trading Technologies App was used by the hackers to compromise their software and distribute malware to consumers. <ref>{{Cite news |last=Greenberg |first=Andy |date=Apr 20, 2023 |title=The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks |url=https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-url=https://web.archive.org/web/20250726115243/https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-date=July 26, 2025 |work=Wired |pages=2025-08-12}}</ref>

3CX also faced backlash for requiring users to pay to open support tickets during the breach, which led to further public criticism from system administrators and IT professionals.<ref>{{Cite web |last=CrowdStrike |date=2023-03-29 |title=// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // |url=https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/ |website=reddit}}</ref><blockquote>"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com) </blockquote>

==References:==
<references />
[[Category:3CX]]

Zyxel

2025-08-17T21:00:42Z

Kloosy goosy: Added company cargo, added which country it was founded in, moved incident into the incident tab, removed unused headers. cleaned the references.

{{Stub}}{{CompanyCargo
| Founded = 1989
| Industry = Telecommunication
| Logo = Zyxel Logo.png
| ParentCompany = Zyxel Group Corp
| Type = Private
| Website = https://www.zyxel.com/
}}
Zyxel is a telecommunication company that was founded in 1989 in Taiwan. They are most known to create consumer grade routers but also produces enterprise equipment.

'''Zyxel Communications Corporation is''' a subisidiary of Zyxel Group Corporation.

==Incidents==

=== Zyxel refuses to release patches for actively exploited zero day vulnerabilities(2024-2025) ===
Zyxel released a statement where they have no plans to release a patch for two actively exploited flaws in its routers, potentially affecting thousands of customers.

Zyxel advised customers to buy new routers despite the affected routers were still possible to buy online.<ref>{{Cite web |date=2025-02-04 |title=Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE |url=https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |url-status=live |archive-url=https://web.archive.org/web/20250209091247/https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 |archive-date=2025-02-09 |website=Zyxel}}</ref><ref>{{Cite web |last=Page |first=Carly |date=5 Feb 2025 |title=Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers |url=https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/ |url-status=live |access-date=28 Mar 2025 |website=TechCrunch}}</ref><ref>{{Cite web |last=Whittaker |first=Zack |date=5 Feb 2025 |title=Wow. Router maker Zyxel says it has no plans to release a patch for two *actively exploited* flaws in its routers affecting potentially thousands of customers. Instead, Zyxel is advising customers to rip out affected devices and buy new routers. However, the affected buggy routers are still available for purchase. |url=https://mastodon.social/@zackwhittaker/113951421812871589 |url-status=live |access-date=28 Mar 2025 |website=Mastodon}}</ref>

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

3CX

2025-08-17T20:29:23Z

Kloosy goosy: Added company cargo, added which country it was founded in

{{StubNotice}}
3CX, Inc., is a software development company and developer of the 3CX Phone System<ref name=":0">{{Cite web |last= |title=ENTERPRISE GRADE PHONE SYSTEM |url=https://www.3cx.com/phone-system/ |archive-url=https://web.archive.org/web/20250813032918/https://www.3cx.com/phone-system/ |archive-date=2025-08-13 |access-date=2025-08-13 |website=3cx.com}}</ref> founded in Cyprus in 2005-11-01.

{{CompanyCargo
| Founded = 2005-11-01
| Industry = Telecommunication
| Website = https://www.3cx.com/
| Logo = 3CX Logo Grey background-1028917583.png
| Type = Private
}}

The 3CX Phone System is a software private branch exchange based on the [[wikipedia:Session_Initiation_Protocol|Session Initiation Protocol]] (SIP) standard to allow calls via the public switched telephone network (PSTN) or via [[wikipedia:Voice_over_IP|Voice over Internet Protocol]] (VoIP) services <ref name=":0" />.

In 2023, during a major supply chain attack affecting the 3CX desktop application, company's public response included engaging the services of Google-owned cybersecurity firm [[wikipedia:Mandiant|Mandiant]]<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=Mar 31, 2023 |title=3CX Supply Chain Attack — Here's What We Know So Far |url=https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-url=https://web.archive.org/web/20250627055223/https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-date=June 27, 2025 |access-date=2025-08-12 |website=thehackernews.com}}</ref> and advising customers to uninstall affected versions.

==Controversies==

====Customer and Partner Relations====
The company's CTO, Nick Galea, has been the subject of criticism from some 3CX users and partners for alleged heavy-handed moderation practices and perceived unprofessional conduct in public forums. Multiple users on Reddit have reported being banned from the official 3CX community forums for raising technical concerns or criticizing company policies. <ref>{{Cite web |title=My 3CX Partnership Deleted and All Linked Clients Lost |url=https://www.reddit.com/r/3CX/comments/xev0u5/my_3cx_partnership_deleted_and_all_linked_clients/}}</ref><ref>{{Cite web |title=Banned from the 3CX Community |url=https://www.reddit.com/r/3CX/comments/xn0ztp/banned_from_the_3cx_community/}}</ref>

====Supply Chain Incident Response====
In March 2023, 3CX was the victim of a high-profile supply chain attack, thought to be the result of a cascade failure starting with the software X_Trader. This attack was linked to an earlier hack by North Korean hackers to software company [https://www.marketswiki.com/wiki/Trading_Technologies_International Trading Technologies]. A 3CX employee's PC with the Trading Technologies App was used by the hackers to compromise their software and distribute malware to consumers. <ref>{{Cite news |last=Greenberg |first=Andy |date=Apr 20, 2023 |title=The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks |url=https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-url=https://web.archive.org/web/20250726115243/https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-date=July 26, 2025 |work=Wired |pages=2025-08-12}}</ref>

3CX also faced backlash for requiring users to pay to open support tickets during the breach, which led to further public criticism from system administrators and IT professionals.<ref>{{Cite web |last=CrowdStrike |date=2023-03-29 |title=// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // |url=https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/ |website=reddit}}</ref><blockquote>"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com) </blockquote>

==References:==
<references />
[[Category:3CX]]

Rohde & Schwarz

2025-06-02T22:41:40Z

Kloosy goosy: Created Rohde & Schwartz article. Todo: Create Incident page to go indepth about the incident. write the wiki page better. Add more references

{{InfoboxCompany
| Name = Rohde & Schwarz GmbH & Co. KG
| Type =Private
| Founded =1933
| Industry =Electronic test equipment
| Official Website =https://www.rohde-schwarz.com
| Logo =Rohde schwars logo Images.png
}}[[wikipedia:Rohde_&_Schwarz|Rohde & Schwartz]] is a German founded company specializes in electronic, they are founded in 1933 and they specifically specialize in the fields of electronic test equipment, broadcast & media, cybersecurity, radiomonitoring and radiolocation, and radiocommunication.

Rohde & Schwartz has their headquarters in Munich in Germany, they also have regional headquarters in the United States and in Asia.

==Incidents==
===Refusal to allow usage of non company email addresses===
{{Main|link to the main article}}
Rohde & Schwarz refuse to allow usage of non company email addresses to download software update and documentation for their equipment.<ref>{{Cite web |last=Reps |first=Marco |title=Youtube Video: Beyond Scope. What else can R&S MXO4 do with Open Source Hard- & Software? |url=https://www.youtube.com/watch?v=UQKZS4z8P-w}}</ref><ref>{{Cite web |title=EEVblog Forum post: Anyone noticed that Rohde & Schwarz is blocking firmware informations / updates? |url=https://www.eevblog.com/forum/testgear/anyone-noticed-that-rohde-schwarz-is-blocking-firmware-informations-updates/}}</ref>

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

File:Rohde schwars logo Images.png

2025-06-02T22:08:02Z

Kloosy goosy: