ZLD4.73 & ZLD5.36 patch 2 Official Version Released to address Buffer Overflow Issues

NEP

@annm We have two ATP devices. The portal was slow but accessible on one. The other would show the login page but not connect at all. Anyway, based on what had been said, we disconnected the WAN and restarted the devices. That made the portal accessible. However, in both cases, the process wasn't as simple as uploading the firmware.

The first ATP prematurely showed a "Leave this page" prompt. Thinking it was done, even though it only took 30 seconds or so, I clicked on it. Naturally the firmware wasn't uploaded. Just make sure to let it sit for a couple minutes. This might be mitigated by clicking "Yes" to reboot after application. I always click "No" to verify that it was uploaded.

For the second one, I had to reboot the device again after disconnecting the WAN and rebooting. Not sure why but it wouldn't accept the firmware otherwise. It did after that.

All of these require physical access. Don't know if there are other solutions that may work for you. Good luck!

Pnagy

Hello,
Unfortunately, both of our zyxels were affected by the attack (flex200, usg110). We have done the update. My question is, could the config be accessed during the attack?
(lastgood, startup configs became fresh during the attack.)
They could change the configuration on it, it is recommended that I change the passwords,
or recommended other actions? Thanks for the help and answer

electsystech

https://community.zyxel.com/en/discussion/comment/52641#Comment_52641

So far we've been able to get into the router after a restart and then run the firmware update. It's best practise to keep download a copy of the startup-config file for a backup.

alexey

Zyxel days wo shit in pants: 0

Zyxel_James

Hello @GruppoEmiliani
If web/console is unavailable, please reboot the device to stabilize it first and be able to access it, then upgrade to 5.36Patch2.

Hello @GiuseppeR
I suggest you backup the configure first before upgrading to 5.36Patch2

Hello @Pnagy
The device would be safe after upgrading to 5.36Patch2, there is no further operation needed.

Zyxel_James

Hello @cechj , @annm
I suggest you upgrade to 5.36Patch2 or 4.73Patch2

Hello @GrahamWebb @nielsscheldeman @Unfiniti @MarkoD
About this buffer overflow vulnerabilities, for more information please refer to this article

https://community.zyxel.com/en/discussion/17111/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls

Zyxel_James

Hello @XMFI @GIOMIND
If you need any previous firmware version, please contact me via private message

Hello @NEP
If you cannot upgrade the firmware successfully, please
STEP1. Download and back up the current running startup-config.conf file. from MAINTENANCE > File Manager > Configuration File.
STEP2. Reboot to the standby partition.
STEP3. Apply the current running startup-config.conf file.
STEP4. Update to our latest firmware V5.36P2.
I suggest you do it nearby the device

https://community.zyxel.com/en/discussion/13597/recovery-steps-if-you-cannot-update-the-firmware-in-the-running-partition

Zyxel_Melen

Hi @nielsscheldeman,

https://community.zyxel.com/en/discussion/comment/52582#Comment_52582

Thanks for bringing this to our attention.

Upon further examination, it has come to our attention that an error in our operations led to the accidental upgrade of your firewall. We sincerely apologize for any inconvenience this may have caused you.

If you encounter any problems after upgrading, please feel free to contact us.

GrahamWebb

https://community.zyxel.com/en/discussion/comment/52688#Comment_52688

Sorry does this mean that there was a error by Zyxel that meant new firmware was pushed to the Zywalls when it shouldn't have been? I thought these issues were due to some kind of DOS attack dueto vulnarabilites?

Zyxel_James

@GrahamWebb It's not related to attack/vulnerability issue, it's caused by our incident operations. We sincerely apologize for any inconvenience.