ZLD5.21 Patch1 Firmware release

Zyxel_Stanley

Zyxel is committed to continuously updating your devices for important maintenance information. This latest release fixes all-round functions of ATP and USG FLEX series. If the device is using the App Patrol signature release V1.0.0.20220310.0 on 3/11/2022, DO NOT reboot the device until you have upgraded the device firmware to the latest ZLD5.21 Patch1.

ZLD5.21 Patch1 fixes the following security issues:

1.     App Patrol signature V1.0.0.20220310.0

Fixed a parsing error in the Application signature V1.0.0.20220310.0. It may drive an error condition led to connectivity disruption.

 

2.     Zyxel-SI-1392, Zyxel-SI-1400

An authentication bypass vulnerability was found in the CGI program of ZLD firmware that could allow an attacker to bypass the web authentication and obtain administrative access of the device.  

 

Affected Version: ATP Series: ZLD V4.32 Patch0 through ZLD V5.20 Patch0/USG FLEX Series: ZLD V4.50 Patch0 through ZLD V5.20 Patch0/VPN Series: ZLD V4.30 Patch0 through ZLD V5.20 Patch0

 

3.     Zyxel-SI-1396

A cross-site scripting (XSS) vulnerability was found in the CGI program of ZLD firmware that could allow an attacker to execute malicious scripts through the web interface.

 

Affected Version: ATP Series: ZLD V4.35 Patch0 through ZLD V5.20 Patch0/USG FLEX Series: ZLD V4.50 Patch0 through ZLD V5.20 Patch0/VPN Series: ZLD V4.35 Patch0 through ZLD V5.20 Patch0

Release Date: March 16th, 2022

Supported Models: ZyWALL ATP Series/ ZyWALL USG FLEX Series