ZLD4.73 & ZLD5.36 patch 2 Official Version Released to address Buffer Overflow Issues


All Replies

  • NEP
    NEP Posts: 61  Ally Member

    @annm We have two ATP devices. The portal was slow but accessible on one. The other would show the login page but not connect at all. Anyway, based on what had been said, we disconnected the WAN and restarted the devices. That made the portal accessible. However, in both cases, the process wasn't as simple as uploading the firmware.

    The first ATP prematurely showed a "Leave this page" prompt. Thinking it was done, even though it only took 30 seconds or so, I clicked on it. Naturally the firmware wasn't uploaded. Just make sure to let it sit for a couple minutes. This might be mitigated by clicking "Yes" to reboot after application. I always click "No" to verify that it was uploaded.

    For the second one, I had to reboot the device again after disconnecting the WAN and rebooting. Not sure why but it wouldn't accept the firmware otherwise. It did after that.

    All of these require physical access. Don't know if there are other solutions that may work for you. Good luck!

  • Pnagy
    Pnagy Posts: 4

    Hello,
    Unfortunately, both of our Zyxels were affected by the attack (flex200, usg110). We have done the update. My question is, could the config be accessed during the attack?
    (lastgood, startup configs became fresh during the attack.)
    They could change the configuration on it, it is recommended that I change the passwords,
    or recommended other actions? Thanks for the help and answer

  • electsystech
    electsystech Posts: 23  Freshman Member

    So far we've been able to get into the router after a restart and then run the firmware update. It's best practice to download and keep a copy of the startup-config file for a backup.

  • alexey
    alexey Posts: 188  Master Member

    Zyxel days wo shit in pants: 0

  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee

    Hello @GruppoEmiliani
    If web/console is unavailable, please reboot the device to stabilize it first and be able to access it, then upgrade to 5.36Patch2.

    Hello @GiuseppeR
    I suggest you back up the configuration first before upgrading to 5.36Patch2.

    Hello @Pnagy
    The device would be safe after upgrading to 5.36Patch2; there is no further operation needed.

  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee

    Hello @cechj , @annm
    I suggest you upgrade to 5.36Patch2 or 4.73Patch2

    Hello @GrahamWebb @nielsscheldeman @Unfiniti @MarkoD
    About these buffer overflow vulnerabilities, for more information please refer to this article


  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee

    Hello @XMFI @GIOMIND
    If you need any previous firmware version, please contact me via private message

    Hello @NEP
    If you cannot upgrade the firmware successfully, please:
    STEP1. Download and back up the current running startup-config.conf file from MAINTENANCE > File Manager > Configuration File.
    STEP2. Reboot to the standby partition.
    STEP3. Apply the current running startup-config.conf file.
    STEP4. Update to our latest firmware V5.36P2.
    I suggest you do it near the device.

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,639  Zyxel Employee

    Hi @nielsscheldeman,

    Thanks for bringing this to our attention.

    Upon further examination, it has come to our attention that an error in our operations led to the accidental upgrade of your firewall. We sincerely apologize for any inconvenience this may have caused you.

    If you encounter any problems after upgrading, please feel free to contact us.

    Zyxel Melen

  • GrahamWebb
    GrahamWebb Posts: 21  Freshman Member

    Sorry, does this mean that there was an error by Zyxel that meant new firmware was pushed to the Zywalls when it shouldn't have been? I thought these issues were due to some kind of DOS attack due to vulnerabilities?

  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee

    @GrahamWebb It's not related to attack/vulnerability issue, it's caused by our incident operations. We sincerely apologize for any inconvenience.
