ZLD5.21 Patch1 Firmware release

Zyxel_Stanley
Zyxel_Stanley Posts: 1,378  Zyxel Employee
edited March 2022 in Security

Zyxel is committed to continuously updating your devices for important maintenance information. This latest release fixes all-round functions of ATP and USG FLEX series. If the device is using the App Patrol signature release V1.0.0.20220310.0 on 3/11/2022, DO NOT reboot the device until you have upgraded the device firmware to the latest ZLD5.21 Patch1.

Note:

- For firmware versions earlier than ZLD5.00, please manually update the App Patrol signature before upgrading to ZLD5.21 P1.

- For ZLD5.00 and later versions, you can upgrade the firmware directly to ZLD5.21P1 to resolve the issue.


ZLD5.21 Patch1 fixes the following security issues:

1. App Patrol signature V1.0.0.20220310.0

Fixed a parsing error in the Application signature V1.0.0.20220310.0. It may cause an error condition that leads to connectivity disruption.

 

2. Zyxel-SI-1392, Zyxel-SI-1400

An authentication bypass vulnerability was found in the CGI program of ZLD firmware that could allow an attacker to bypass the web authentication and obtain administrative access to the device.

 

Affected Version: ATP Series: ZLD V4.32 Patch0 through ZLD V5.20 Patch0/USG FLEX Series: ZLD V4.50 Patch0 through ZLD V5.20 Patch0/VPN Series: ZLD V4.30 Patch0 through ZLD V5.20 Patch0

 

3. Zyxel-SI-1396

A cross-site scripting (XSS) vulnerability was found in the CGI program of ZLD firmware that could allow an attacker to execute malicious scripts through the web interface.

 

Affected Version: ATP Series: ZLD V4.35 Patch0 through ZLD V5.20 Patch0/USG FLEX Series: ZLD V4.50 Patch0 through ZLD V5.20 Patch0/VPN Series: ZLD V4.35 Patch0 through ZLD V5.20 Patch0


Release Date: March 16th, 2022

Supported Models: ZyWALL ATP Series/ ZyWALL USG FLEX Series


Stanley

All Replies

  • BoJack
    BoJack Posts: 4
    edited March 2022
    When will this show as available on Nebula?

    We still have units that once recovered and booted check in to Nebula and download 5.21(ABUH.0) and then reboot and get stuck again.

    Currently there is seemingly NO FIX for Nebula units.
  • PeterUK
    PeterUK Posts: 3,118  Guru Member
    Surely you can disable update in Nebula?
  • xkp68
    xkp68 Posts: 26  Freshman Member
    As I see many people complaining about the App Patrol signature issue, do you suggest disabling app control before proceeding to update the firmware? If so, how can I do this via the web interface? I really want to avoid being trapped in this issue. Thanks in advance...
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    edited March 2022
    Hi @xkp68
    If your device updated to Application Patrol signature V1.0.0.20220310.0, it may leave the device unable to boot successfully.
    If the device is still alive, you can upgrade to ZLD5.21 Patch1 directly.
    If the device is unable to boot up anymore, you can follow the recovery steps to boot up your system first and then upgrade to the 5.21 Patch1 firmware.


    Stanley
