ZLD4.65 & 5.02 Firmware release

Zyxel_Stanley Posts: 1,075  Zyxel Employee
edited August 2021 in Security Gateway New Release

Zyxel has been tracking the recent activity of threat actors targeting Zyxel security appliances and has released firmware patches to defend against it. The patches also include additional security enhancements based on users’ feedback and security researchers’ advice, which we strongly recommend users install immediately. A guidance to help you identify, remediate, and defend against the incident is available on the Zyxel forum.

The new features include:

  • CVE-2021-35029

Vulnerability fix for web-based management interface of Zyxel USG/ZyWALL, USG FLEX, ATP and VPN series

  • Two-Factor Authentication Enhancement

Supports configurable 2FA service port

  • Security Check Enhancement

Disables HTTP port automatically while allowing WAN management in security check wizard

  • Password Change Reminder
Reminds privileged accounts to change their passwords for security
  • Log Enhancement

Enhances admin-type user change logs to alert level

Release Date: July 6th, 2021

Supported Models:

Firmware ZLD V4.65: ZyWALL USG Series/ ZyWALL 110/310/1100

Firmware ZLD V5.02: ZyWALL ATP Series/ ZyWALL USG FLEX Series/ ZyWALL VPN Series



  • mMontana
    mMontana Posts: 578  Guru Member
    edited July 2021
    Holy kamoly! An update, and a CVE!
    It' been quite a rough week...
    Can this CVE been exploited also on 3.x firmwares?
  • Asgatlat
    Asgatlat Posts: 70  Ally Member
    is it important to patch also the standby FW image ?
  • mMontana
    mMontana Posts: 578  Guru Member
    Currently, I'm keeping 4.64 as a fallback. After 2/3 weeks of uninterrupted working time, i'll upgrade also the standby image.
    Hoping that soon the FragAttack fix will come...
  • Is there a link to download the firmware?  Cloud upgrade is failing checksum on my device.
  • Zyxel_Vic
    Zyxel_Vic Posts: 260  Zyxel Employee
    edited July 2021
    Hi @SunglassesGuy
    You can download the firmware from the Myzyxel, here it is the link. Then you can upgrade the firmware locally.
  • Hoongks
    Hoongks Posts: 12
    for admin login, I have being using the yubico hardware authenticator, it good to include the other capabilities of hardware beside beside OTP for the 2FA
  • DiesseInformatica
    edited July 2021
    why in secuReporter not add the alert when an admin user is created ?
    Simple add but important to monitoring many firewalls if someone create an admin user .
  • Zyxel_Vic
    Zyxel_Vic Posts: 260  Zyxel Employee
    Hi @CoreSG

    Thanks for your valuable suggestions. Currently we support Google Authentication for VPN access when the device is controlled by NCC. As well as ATP series in near future. 

  • Zyxel_Vic
    Zyxel_Vic Posts: 260  Zyxel Employee
    Hi @DiesseInformatica
    Thanks for the suggestion, currently we added certain information in the log firstly. We will consider about your suggestions and put this idea in our evaluating queue.