[Release Note] Zyxel BE series Access Point - V7.20 Patch 1 firmware has been released






BE series Access Points Firmware Release Note
July 2025
Overview
This document provides firmware release information for Zyxel Access Point platforms and introduces new Access Points, new features and enhancements, bug fixes, known issues, and workaround information for Release V7.20 Patch 1 C0.
Supported Platforms
(Click Hyperlink to download the firmware directly)
WiFi 7 model(s):
Zyxel WBE660S - V7.20(ACGG.1)C0
Zyxel WBE630S - V7.20(ACLW.1)C0
Zyxel WBE530 - V7.20(ACLE.1)C0
Zyxel WBE510D - V7.20(ACLX.1)C0
Zyxel NWA210BE - V7.20(ACLY.1)C0
Zyxel NWA110BE - V7.20(ACLZ.1)C0
Zyxel NWA130BE - V7.20(ACIL.1)C0
Zyxel NWA30BE - V7.20(ACPI.1)
Zyxel NWA50BE - V7.20(ACPB.1)
Zyxel NWA50BE PRO - V7.20(ACPC.1)
Zyxel NWA55BE - V7.20(ACPH.1)
Zyxel NWA90BE - V7.20(ACPD.1)
Zyxel NWA90BE PRO - V7.20(ACPE.1)
Zyxel IAP500BE - V7.20(ACPJ.1)
New Features and Enhancements
1. The following new AP models are now supported in this release: NWA50BE, NWA50BE PRO, NWA90BE, and NWA90BE PRO. These models are Small Business-class Wi-Fi 7 NebulaFlex Access Points, supporting both standalone mode and Nebula cloud-managed mode.
2. Added support for the Administrative Access feature on supported models on Nebula Control Center. This feature allows access to device services (e.g., SSH, HTTPS) only from trusted IP addresses.
⚠️ Important: After upgrading to firmware version 7.20, if you have previously configured Switch Access Management on the Nebula Control Center, your managed access points will only be manageable from trusted IP addresses.
3. A configurable syslog prefix is now available on Nebula Control Center for external syslog servers.
4. With the release of firmware version 7.20, Zyxel Access Points operating in 802.11be (Wi-Fi 7) mode now comply with enhanced security requirements in accordance with the IEEE 802.11be standard, including support in mesh mode. For more detail, please visit the Zyxel Community post: https://community.zyxel.com/en/discussion/28852/
Bug Fix
| Bug fix | C | M | S |
|---|---|---|---|
| 1. [eITS: 241001206] [Symptom] Event log shows Station: 00:00:00:00:00:00 blocked by Unknown on MLO SSID | V | V | V |
| 2. [eITS: 241200172] [Symptom] Unable to update the firmware via Nebula and event log did not show upgrade firmware fail. | V | - | - |
| 3. [eITS: 250201446] [Symptom] DCS start channel selection procedure's timestamp does not reflect the moment when DCS starts scanning. | V | V | V |
| 4. [Vulnerability] CVE-2025-6265 Potential path traversal vulnerability | V | V | V |
Known Issue
| Known Issue | C | M | S |
|---|---|---|---|
| 1. [SPRID: 240913082] [Symptom] Stations cannot authenticate when an SSID is configured with MLO (4G+5G bands) and the security mode is set to WPA3 with MAC Authentication via RADIUS. | V | - | - |
| 2. [SPRID: 241216264] [Symptom] When the WAC5302D-Sv2 model is used as the Root in a Mesh setup, and Wi-Fi 7 series models with firmware versions 7.00 & 7.10 are used as Repeaters, the Mesh connection cannot be established. | V | - | - |
| 3. [SPRID: 241219350] [Symptom] The wireless monitoring data exhibits abnormal behavior. | V | - | - |
| 4. [SPRID: 250402043] [Symptom] When an MLO client connects to the SSID, the authentication field of client page does not display voucher. | V | - | - |
| 5. [SPRID: 250402050] [Symptom] Under this configuration combination: Sign-on with my RADIUS enabled along with MAC authentication fallback. The behavior of MLO clients after connecting may not be as expected: a. Traffic does not pass through (no connectivity) b. Client remains online after reconnecting, even without re-authentication c. After completing MAC authentication, the client is redirected to the captive portal | V | - | - |
| 6. [SPRID: 250627398] [Symptom] 5G radio is 11be mode + MLO enabled + security is enhance open, after wireless client which support enhance open security connected the SSID field of client list will show SSID name(transition mode) | V | V | V |
| 7. [SPRID: 250714115] [Symptom] After the wireless STA connects to the initial SSID, the AP's web GUI is accessible, but pinging the AP's IP address fails. | V | V | V |
| 8. [WBE630/WBE510/NWA110BE/NWA210BE] [Symptom] The access point may reboot unexpectedly when the 2.4GHz radio is configured in BE mode. To prevent this, the 2.4GHz radio mode has been converted to AX mode. | V | V | V |
| 9. [SPRID: 241106062] [Fast Roaming] [Symptom] The station experienced a disconnection caused by a reauthentication failure that occurred immediately after its first fast roaming event. | V | - | V |
Limitation of Settings
| Limitation | C | M | S |
|---|---|---|---|
| 1. [SPRID: 241203097] [Symptom] When the Mesh topology consists of a non-supported MLO Root combined with MLO Repeater Hop1 and Hop2, it may affect the Repeater's downlink and cause issues with the service VAP lacking MLO functionality. | V | - | - |
Comments
-
This release seems to enable MLO on standalone NWA130BE devices, but that's not listed as the new features and doesn't seem to be configurable. Is there a way to disable/enable it?
0 -
Hi @ScottE
MLO is enabled when your AP is using standalone mode and can't be configured. You may reference this FAQ for more details:
Zyxel Melen0