Guidance to help identify, remediate and defend against this security incident

Zyxel_Forum_Admin Posts: 125  Admin
First Anniversary 10 Comments Friend Collector
edited June 2022 in Maintenance

We strongly recommend to upgrade your device firmware to ZLD4.65/5.02 in order to mitigate the risk of this security incident


ZLD4.65 for ZyWALL USG Series/ZyWALL 110/310/1100

ZLD5.02 for ZyWALL ATP Series/USG FLEX Series/VPN Series

You can do cloud auto upgrade by clicking the cloud icon.

Or download firmware from server and upload firmware from local PC.

Password notification and security policy check are implemented in this release. Follow below steps to provide optimized protection to your device.


Password change notification

After upgrading firmware to 4.65/5.02, your first login attempt will pop-up a password change notification page that includes,

a.       All admin-type user accounts

b.       Date of the last password change

c.       Password expiration date

We strongly recommend to change all admin-type password again and remove all unwanted admin account.

Security Policy Check

If there is any HTTPS/SSL VPN service port open from WAN to ZyWALL without any restriction on source address, a Security Check Notification page will pop up.

Follow the wizard to change service port for HTTPS/ SSL VPN with trusted Host and change 2FA authentication service port.

After finish, system will auto create policy control rules.

Note: If you changed Web management service port to others, then you have to enter correct service port in your browser to log back in

We also strongly recommend running a thorough configuration examination to see if your device has been compromised.  From our field observation, the compromised device will add unwanted accounts and add Policy/Firewall rules to allow undesired traffic into your network.

Delete the unknown accounts

Remove the unknown firewall rules

If you are unable to immediately upgrade to the latest available firmware, please follow the Mitigation Steps to minimize the risk. However, the best solution is still to upgrade to the latest available firmware.