Zyxel security advisory for CRLF injection vulnerability in some legacy firewalls

Zyxel_Jason Posts: 374
25 Answers First Comment Friend Collector Fourth Anniversary
 Master Member


Zyxel is aware of a CRLF injection vulnerability in legacy USG100, USG200, USG300, USG20W, USG20, and USG50 firewalls. Since all of the affected models have reached end-of-vulnerability-support, users are advised to replace them with newer-generation models for optimal protection.

What is the vulnerability?

The CRLF injection vulnerability is due to improper input sanitization in the CGI program of some legacy Zyxel firewalls. This flaw could be used to conduct malicious attacks, such as cross-site scripting (XSS) and web cache poisoning.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified only some legacy firewalls as being affected. The affected models, namely USG20, USG20W, USG50, USG100, USG200, and USG300, all entered end-of-vulnerability-support many years earlier. In accordance with industry product life cycle management practices, Zyxel advises customers to replace these legacy products with newer-generation models.

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgments and commentary

Thanks to Darren & Pedro from CipherTechs for reporting the issue to us.

Revision history

2022-06-07: Initial release