cve-2021-44228 log4j RCE - are Zyxel USG or ATP products vulnerable?

Options
ChipConnJohn
ChipConnJohn Posts: 44  Freshman Member
First Anniversary 10 Comments Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula
Hi all,

I'm not seeing any information on whether these devices are vulnerable.  Anyone see a release from Zyxel?

All Replies

  • OTADMIN
    OTADMIN Posts: 15  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    Also looking for some information to secure our network.
    We don't have much facing the internet. Only our firewall, so i would like to know if it's vulnerable.
    If not, that would be great ofcourse. But a some information would be nice

  • Mijzelf
    Mijzelf Posts: 2,605  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    As Log4j is a Java application, and I can't imagine there is a Java virtual machine included in these embedded boxes, I don't think they are affected.
  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @OTADMIN
    Thank you for sharing this information with us. We had aware this vulnerability announcement and we're now studying on it. We will put our findings on the Zyxel security advisories and update to you once we finished the researching.
  • C10B
    C10B Posts: 5
    First Anniversary First Comment
    Options
    It would be great if those advisories had dates listed. Should we just look at the top of the list in case anything about log4shell is added?
  • Dietrich
    Options
    Hi, what does "ZLD" Firmware mean?
  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    For USG firewalls (our device is USG110) ZLD means the normal firmware, current is v4.70 (AAPH.0)
  • Dietrich
    Options
    Thank you very much.

Security Highlight