ZLD4.73 & ZLD5.36 patch 2 Official Version Released to address Buffer Overflow Issues

Zyxel_Stanley
Zyxel_Stanley Posts: 1,377  Zyxel Employee
100 Answers 1000 Comments Friend Collector Seventh Anniversary
edited April 25 in Security

Dear Community members.
 
We have been notified several VPN connection related issues and network interruptions reported to us currently. In response to this issue, we have expedited the development of firmware applicable to all models, which is intended to address and promptly rectify the situation.They are available for immediate downloads in below link
 
USG FLEX/ATP/VPN Series (Release date: May, 2023)

USG FLEX

ATP

VPN

USG FLEX 50

Download

ATP100

Download

VPN50

Download

USG FLEX 50W

Download

ATP100W

Download

VPN100

Download

USG FLEX 100

Download

ATP200

Download

VPN300

Download

USG FLEX 100W

Download

ATP500

Download

VPN1000

Download

USG FLEX 200

Download

ATP700

Download

USG FLEX 500

Download

ATP800

Download

USG FLEX 700

Download

USG/ZyWALL Series (Release date: May, 2023)

USG Series

ZyWALL Series

USG40

Download

ZyWALL110

Download

USG40W

Download

ZyWALL310

Download

USG60

Download

ZyWALL1100

Download

USG60W

Download

USG110

Download

USG210

Download

USG310

Download

USG1100

Download

USG1900

Download

USG2200

Download

«1345678

All Replies

  • GruppoEmiliani
    GruppoEmiliani Posts: 1
    Zyxel Certified Network Administrator - Switch First Comment

    Hello everyone,
    I can't reach the web console of the usg flex 100, how can I update the firmware? Do I necessarily have to reset it?

  • Mario
    Mario Posts: 106  Ally Member
    Zyxel Certified Network Engineer Level 1 - Security First Comment Friend Collector Fifth Anniversary

    Hi @GruppoEmiliani

    Please check the supportpage of Zyxel EMEA, there you find ann FAQ covering your issue:

    https://support.zyxel.eu/hc/en-us/articles/11616709217810

    good luck

    Mario

  • nielsscheldeman
    nielsscheldeman Posts: 49  Freshman Member
    First Comment Friend Collector Second Anniversary

    Hello, all out of a sudden 1 after another of our firewalls aren't reachable through console or do not have internetaccess, this in the past hour.

    However automatic firmware updating is disabled, is this something that has been pushed and now causes big problems?

  • BsalgadoEU
    BsalgadoEU Posts: 5
    First Comment Friend Collector Second Anniversary

    Hi @nielsscheldeman

    Please check the information and follow the guides indicated on our Zyxel EMEA Support Portal:

    https://support.zyxel.eu/hc/en-us/articles/11616709217810-Unstable-VPN-Connection-Webinterface-Login-Issues

    You might need to reboot your device to get access to stabilize it first and being able to access it. If you still have issues, please feel free to contact our Zyxel EMEA Support team on https://support.zyxel.eu

  • nielsscheldeman
    nielsscheldeman Posts: 49  Freshman Member
    First Comment Friend Collector Second Anniversary
    https://community.zyxel.com/en/discussion/comment/52571#Comment_52571

    This of course wasn't my question, I do know of the hotfix. My question is: why is this happening on al our firewall's at the same time when automatic updating is disabled? We have 50 ZyXEL FLEX Firewalls(mostly 100/200 and couple of 50/500's) running, 34 USG40/60 and 6 ZyWALL 110!! Many of them with (L2TP over) IPSEC tunnels configured… This is dramatic if we have to update all 90 of them on site.

  • MarkoD
    MarkoD Posts: 58  Ally Member
    First Answer First Comment Friend Collector Fifth Anniversary
    edited May 2023

    We also have circa 3 USG40W and 3 USG60 deployed and half of them are affected by this incident. USG40W becomes totally unreachable after about 2 hours and USG60 is reachable, however it drops all VPN connections after a couple of minutes.

    PS: To mitigate the issue until we can update the FW on-site, it helped to limit WAN ports for VPN using Geo-IPs (in Policy Rules).

  • Zyxel_Vic
    Zyxel_Vic Posts: 282  Zyxel Employee
    25 Answers First Comment Friend Collector Seventh Anniversary

    Hi @nielsscheldeman

    It shouldn't be force upgrade on your device, are all your on-cloud devices be upgraded automatically? Would you share your org information with us in private message and we'd like to learn more from it.

    We deeply apologized for certain inconvenience happened to you.

    Thank you

  • nielsscheldeman
    nielsscheldeman Posts: 49  Freshman Member
    First Comment Friend Collector Second Anniversary
    https://community.zyxel.com/en/discussion/comment/52585#Comment_52585

    Will do that shortly. But now we have upgraded couple of the most urgent ones with site 2 site connections (14 devices have site 2 site, client to site think we have like 20 of those) to the firmware I downloaded above for FLEX 200 (V5.36(ABUI.1)ITS-23WK21-r109592 / 2023-05-23 18:54:50) which is V5.36 Patch 1.

    Now we receive a mail from ZyXEL which shows me this:

    afbeelding.png

    Please don't tell me that Patch 1 is impacted as well??

  • MarkoD
    MarkoD Posts: 58  Ally Member
    First Answer First Comment Friend Collector Fifth Anniversary

    @nielsscheldeman The FW version you have applied (V5.36(ABUI.1)ITS-23WK21-r109592 / 2023-05-23 18:54:50) isn't "Patch 1", but a "Patch-1 Hotfix-23WK21" firmware which should be the same as Patch 2 (which is the official FW bundle).

  • XMFI
    XMFI Posts: 3
    First Comment

    Hello

    I've got several IPSEC VPN with a center USG210 and the branches are on old USG20 series (7)

    Is there a fix or a method to mount the VPN since the hotfix.

    I've already installer the fix for the USG210 but the others usg20 are stuck and the VPN won't lift.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)