Guidance to help identify, remediate and defend against this security incident
ZLD4.65 for ZyWALL USG Series/ZyWALL 110/310/1100
ZLD5.02 for ZyWALL ATP Series/USG FLEX Series/VPN Series
You can run the cloud auto-upgrade by clicking the cloud icon.
Alternatively, download the firmware from the Myzyxel.com server and upload it from a local PC.
Password notification and security policy check are implemented in this release. Follow the steps below to give your device optimized protection.
Password change notification
After upgrading the firmware to 4.65/5.02, your first login attempt will bring up a password change notification page that lists:
a. All admin-type user accounts
b. Date of the last password change
c. Password expiration date
We strongly recommend changing all admin-type passwords again and removing all unwanted admin accounts.
Security Policy Check
If there is any HTTPS/SSL VPN service port open from WAN to ZyWALL without any restriction on source address, a Security Check Notification page will pop up.
Follow the wizard to change the service port for HTTPS/SSL VPN with a trusted host, and to change the 2FA authentication service port.
When the wizard finishes, the system automatically creates policy control rules.
Note: If you changed the Web management service port, you must enter the new service port in your browser to log back in.
We also strongly recommend running a thorough configuration examination to see if your device has been compromised. From our field observation, a compromised device will have unwanted accounts added, along with Policy/Firewall rules that allow undesired traffic into your network.
Delete the unknown accounts
Remove the unknown firewall rules
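One way to run the configuration examination described above is to compare a current configuration export against a known-good baseline. The following is an added example, not Zyxel's tooling: the `username ... user-type` and `secure-policy` block syntax, the `sourceip` field and all sample names are assumptions to adapt to your own export.

```python
import re
# Assumed export syntax (not from the advisory); adjust patterns to your device.
USER_RE = re.compile(r"^username[ \t]+(\S+)[ \t].*\buser-type[ \t]+(\S+)", re.M)
RULE_RE = re.compile(r"^secure-policy[ \t]+\d+[ \t]*\n(.*?)^!", re.M | re.S)

def admin_accounts(cfg):
    return {name for name, utype in USER_RE.findall(cfg) if utype == "admin"}

def policy_rules(cfg):
    rules = {}
    for body in RULE_RE.findall(cfg):
        pairs = (line.split(None, 1) for line in body.splitlines())
        fields = {p[0]: p[1].strip() for p in pairs if len(p) == 2}
        rules[fields.get("name", "<unnamed>")] = fields
    return rules

def examine(baseline, current):
    base, cur = policy_rules(baseline), policy_rules(current)
    open_wan = ("WAN", "ZyWALL", "allow", "any")  # allow to device, any source
    return {
        "new_admins": sorted(admin_accounts(current) - admin_accounts(baseline)),
        "new_or_changed_rules": sorted(n for n in cur if cur[n] != base.get(n)),
        "unrestricted_wan_rules": sorted(n for n, f in cur.items() if open_wan == (
            f.get("from"), f.get("to"), f.get("action"), f.get("sourceip", "any"))),
    }

# Constructed sample exports; account and rule names are placeholders.
BASELINE = """\
username admin encrypted-password REDACTED user-type admin
secure-policy 1
 name WAN_Mgmt_Trusted
 from WAN
 to ZyWALL
 sourceip TRUSTED_HOSTS
 action allow
!
"""
CURRENT = BASELINE + """\
username example_new_admin encrypted-password REDACTED user-type admin
secure-policy 2
 name Example_Allow_All
 from WAN
 to ZyWALL
 action allow
!
"""

if __name__ == "__main__":
    print(examine(BASELINE, CURRENT))
```

Anything reported under `new_admins` or `new_or_changed_rules` that you did not create yourself is a candidate for the deletion steps above.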
If you are unable to immediately upgrade to the latest available firmware, please follow the Mitigation Steps to minimize the risk. However, the best solution is still to upgrade to the latest available firmware.