Buffer overflow issue FAQ

Zyxel_Emily Posts: 1,325  Zyxel Employee
edited April 25 in Security

Q1. What are the impacted models and versions for this buffer overflow issue?

| Affected series | Affected version | Patch availability |
|---|---|---|
| | ZLD V4.32 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| | ZLD V4.50 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| | ZLD V4.25 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| | ZLD V4.30 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| | ZLD V4.25 to ZLD V4.73 Patch 1 | ZLD V4.73 Patch 2 |

Q2. What are the vulnerability details?

The buffer overflow vulnerability could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions or even remote code execution on an affected device, and could cause the IPSec daemon to become corrupted.

Q3. What are the symptoms?

(1) VPN tunnel disconnection.

(2) No internet service.

(3) The device may hang, resulting in the inability to access the device's local web-GUI and receive CLI responses.

Q4. What should I do to mitigate the risk?

We strongly suggest you upgrade the device to the latest release. You can find the download link here

If you’re unable to upgrade the firmware immediately, please follow the steps below to edit the security policy.

Based on our investigation so far, the VPN service is the target. We strongly advise disabling VPN services if you’re not utilizing any VPN features such as L2TP, Site-to-Site VPN, or Remote Access VPN.

Here is the procedure to disable VPN service.

Navigate to Object > Service > Service Group.

From the group "Default_Allow_WAN_To_ZyWALL", remove the services AH, ESP, IKE, and NATT.

If your usage is limited to a site-to-site VPN, we suggest permitting VPN services exclusively for specific source IP addresses.

Q5. What fix is included in the latest release 4.73P2 and 5.36P2?

Here is the CVE information about this release.



Q6. Is the device safe after being upgraded to the latest release (4.73P2/5.36P2)? Do I need to take extra steps to protect my device?

After the device is upgraded to the latest release, the device will be safe. No further operation is needed.

Q7. Is a device managed in Nebula mode also affected?

Yes. The latest release 5.36P2 will be available on cloud by May 24th.

Q8. What should I do if the on-premise mode firewall fails to upgrade to the latest firmware?

You can follow the steps to back up the configuration and switch to the standby partition to upgrade to the latest firmware.

Q9. What should I do if a Nebula-managed firewall is offline from the Nebula server after upgrading the firmware? (Sys light flashing)

You can re-plug the power cord of your device; it should then be able to boot up successfully.
If the device continues to exhibit the sys light flashing without successfully booting up, it is advisable to report this symptom to Support through the Nebula portal.

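The interim mitigation in Q4 can be checked across exported configurations with a short audit script. This is an added example, not part of Zyxel's post or tooling; the `object-group service` / `service-object` export layout, the sample text and the function names are assumptions made for illustration.

```python
import re

GROUP = "Default_Allow_WAN_To_ZyWALL"        # group named in Q4
VPN_SERVICES = {"AH", "ESP", "IKE", "NATT"}  # services Q4 says to remove
# ASSUMPTION: exports hold "object-group service <name>" blocks with indented
# "service-object <name>" members, closed by "!" or the next top-level line.
GROUP_RE = re.compile(r"^object-group\s+service\s+(\S+)\s*$")
MEMBER_RE = re.compile(r"^\s+service-object\s+(\S+)\s*$")


def group_members(config_text, group=GROUP):
    """Return the set of services in `group`, or None if the group is absent."""
    members, inside = None, False
    for line in config_text.splitlines():
        header = GROUP_RE.match(line)
        if header:
            inside = header.group(1) == group
            if inside and members is None:
                members = set()
        elif inside and MEMBER_RE.match(line):
            members.add(MEMBER_RE.match(line).group(1))
        elif line.strip() == "!" or (line and not line[0].isspace()):
            inside = False
    return members


def audit(config_text):
    """Return (status, VPN services still allowed from WAN) for one export."""
    members = group_members(config_text)
    if members is None:
        return "group-not-found", []  # cannot confirm the mitigation; review by hand
    leftover = sorted(members & VPN_SERVICES)
    return ("vpn-exposed" if leftover else "mitigated"), leftover


# Constructed sample exports, not taken from a real device.
BEFORE = """object-group service Default_Allow_WAN_To_ZyWALL
 service-object AH
 service-object ESP
 service-object HTTPS
 service-object IKE
 service-object NATT
!
"""
AFTER = "\n".join(l for l in BEFORE.splitlines()
                  if l.split()[-1] not in VPN_SERVICES)

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```

A `group-not-found` result means the export did not match the assumed layout, so the group has to be checked in the web GUI under Object > Service > Service Group.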

All Replies

  • mMontana
    mMontana Posts: 1,345  Guru Member

    I would like to thank Zyxel for continuing to support ZLD 4.x firewalls with vulnerability and problem patches.

    Really appreciated.

  • MarkoD
    MarkoD Posts: 40  Freshman Member

    Well, on one hand I am also thankful for the quick fix; however, on the other hand, this is the least ZyXEL can (and must) do, since these vulnerabilities were present in the FW for years (all the way from old version v4.25) and given a CVE score of 9.8 out of 10, this must be a major and serious vulnerability…

    I would appreciate ZyXEL being more open on giving details about the vulnerability.
