How to solve the issue "ZTP is already enabled" on VPN series?

Zyxel_Emily Posts: 1,268  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited February 6 in Security


Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP.

Q1. What are the impact model and version for this issue?

Affected model

Affected version


5.00 through 5.36(ABHL2)C0


5.00 through 5.36(ABFV.2)C0


5.00 through 5.36(ABFC.2)C0


5.00 through 5.36(ABIP.2)C0

Q2. What are the vulnerability details?

These issues may be connected to previously addressed CVE vulnerability CVE-2023-33012. Please note that ZLD5.37 Patch 1 (July 2023) is no longer susceptible to the CVE reference: CVE-2023-33012.

Q3. What should I do if "ZTP is already enabled" on VPN series?

Upgrade the affected VPN device to the following recovery version via FTP to unlock ZTP status.

How to update the firmware by FTP?

Q4. What should I do for unaffected VPN devices?

For unaffected VPN devices, make sure they are already upgraded to the latest official version 5.37 Patch 1. In security policy, we also suggest you NOT allow all source addresses to access HTTPS from WAN to ZyWALL. Create another security policy rule to allow trusted source IP address to have the access privilege from WAN to ZyWALL.

All Replies

  • SovSibir
    SovSibir Posts: 4
    First Comment

    I wonder why you need to download from an unofficial site? There is no such firmware update on the official website.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,417  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    This issue is not encountered by all devices; therefore, it is not suitable to be placed on the official site for everyone to update.

Security Highlight