Zywall USG FLEX Series, ATP Series & VPN Series - V5.31 Firmware Release

Zyxel_Stanley

Zywall USG FLEX Series, ATP Series & VPN Series
Release Note
July, 2022

Firmware Version on all models

USG FLEX		ATP		VPN
USG FLEX 50	V5.31(ABAQ.0)	ATP100	V5.31(ABPS.0)	VPN50	V5.31(ABHL.0)
USG FLEX 50W	V5.31(ABAR.0)	ATP100W	V5.31(ABRW.0)	VPN100	V5.31(ABFV.0)
USG FLEX 100	V5.31(ABUH.0)	ATP200	V5.31(ABFW.0)	VPN300	V5.31(ABFC.0)
USG FLEX 100W	V5.31(ABWC.0)	ATP500	V5.31(ABFU.0)	VPN1000	V5.31(ABIP.0)
USG FLEX 200	V5.31(ABUI.0)	ATP700	V5.31(ABTJ.0)
USG FLEX 500	V5.31(ABUJ.0)	ATP800	V5.31(ABIQ.0)
USG FLEX 700	V5.31(ABWD.0)

New Feature and Enhancements

CLD=Cloud mode, STD=Standalone mode

No.	Enhancement	CLD	STD
1.	In the initial setup stage to detect LAN subnet if conflict with 192.168.1.1 then auto change to 192.168.10.1 redirect to myrouter.local	V	V
2.	Login Users table add Created Date column as same as User Object		V
3.	Device GUI add Astra cloud portal URL		V
4.	[eITS#211100981] Email Security Blocklist add i-note information		V
5.	[eITS#220101060, 220101420, 220200439] Enhanced the information in the CDR logs		V
6.	[eITS#220500069] Monitor > Log > View Log > "Email Log Now" error message is not clear to us		V
7.	USG FLEX100 and USG FLEX 100W max. VPN tunnels number upgrade to 50		V
8.	SSO feature enter maintenance mode and end of software service.		V
9.	Support access SNMP service from WAN interface	V

Bug Fix

CLD=Cloud mode, STD=Standalone mode

No.	Bug Fix	CLD	STD
1.	eITS#211200767 a. Fix: Incorrect SSL VPN dashboard statistics information		V
2.	eITS#220100656 a. USG FLEX 200 / DNS Content filter functional Issue		V
3.	eITS#220101259 a. Fix: IP malfunctioning when the VLAN wan interface is configured with specific subnet mask		V
4.	eITS#220200044 a. Fix: Error message when visiting Sandboxing page		V
5.	eITS#220300054 a. Fix: Virtual Server LB disconnected issue		V
6.	eITS#220400122 a. Fix: Address Object manipulation issue		V
7.	eITS#220400688 a. Fix: Malfunctioning on IPSec Connectivity check button		V
8.	eITS#220400957 a. Fix: Incorrect wireless monitoring data		V
9.	eITS#220401137 a. Fix: DNSBL malfunctioning issue		V
10.	eITS#220401321 a. Fix: Wildcard FQDN object issue which may affect the system stability		V
11.	eITS#220500188 a. Fix: Packet forwarding issue on Trunk interface		V
12.	eITS#220500690 a. Fix: SSLVPN service port keeps using the original port after manually customized it		V
13.	eITS#220500701 a. Fix: GUI information correction		V
14.	eITS#220500751 a. Fix: SSLVPN connectivity issue		V
15.	eITS#220500939 a. Fix: DHCP service stability issue		V
16.	eITS#220501025 a. Fix: AAA radius COA will be turned on after firmware update to V5.30		V
17.	eITS#220501052 a. Fix: VPN connectivity issue between Nebula and Non-Nebula VPN gateways		V
18.	eITS#220501182 a. Fix: VPN wizard malfunctioning issue		V
19.	eITS#220501267 a. Fix: Incorrect dashboard Virtual device Rear Panel wlan led status		V
20.	eITS#220501309 a. Fix: Static DHCP table importing issue		V
21.	eITS#220600336 a. Fix: Device stability enhancement		V
22.	eITS#220600447 a. Fix: What's new notification in the GUI malfunctioning.		V
23.	eITS#220600465 a. Fix: DHCP service stability issue		V
24.	Common vulnerabilities and Exposures: a. Local privilege escalation vulnerability fix (CVE-2022-30526) b. Authenticated directory traversal vulnerability fix (CVE-2022-2030) c. Security update of OpenSSL package (CVE-2022-0778)	V	V
25.	eITS#220200349 a. Fix: Microsoft AD authentication not work	V
26.	eITS#220301020 a. Fix: BWM functional issue on USG FLEX 50(W) when the device is managed by NCC	V
27.	eITS#220500277 a. Fix: Google Authentication Bypass	V
28.	eITS#220600408 a. Fix: Nebula bwm cannot work on ftp active mode.	V

Please refer to the Download Link for more details.

dkyeager

Here are the further details on the security fixes noted above.  See https://www.zyxel.com/us/en/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml  and https://www.cve.org/CVERecord?id=CVE-2022-0778