How to solve the issue "ZTP is already enabled" on VPN series?

Zyxel_Emily
Zyxel_Emily Posts: 1,396  Zyxel Employee
Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
edited February 6 in Security

Symptom:

Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP.

Q1. What are the impact model and version for this issue?

Affected model

Affected version

VPN50

5.00 through 5.36(ABHL2)C0

VPN100

5.00 through 5.36(ABFV.2)C0

VPN300

5.00 through 5.36(ABFC.2)C0

VPN1000

5.00 through 5.36(ABIP.2)C0

Q2. What are the vulnerability details?

These issues may be connected to previously addressed CVE vulnerability CVE-2023-33012. Please note that ZLD5.37 Patch 1 (July 2023) is no longer susceptible to the CVE reference: CVE-2023-33012.

Q3. What should I do if "ZTP is already enabled" on VPN series?

Upgrade the affected VPN device to the following recovery version via FTP to unlock ZTP status.

How to update the firmware by FTP?

Q4. What should I do for unaffected VPN devices?

For unaffected VPN devices, make sure they are already upgraded to the latest official version 5.37 Patch 1. In security policy, we also suggest you NOT allow all source addresses to access HTTPS from WAN to ZyWALL. Create another security policy rule to allow trusted source IP address to have the access privilege from WAN to ZyWALL.

All Replies

  • SovSibir
    SovSibir Posts: 4  Freshman Member
    First Comment First Anniversary

    I wonder why you need to download from an unofficial site? There is no such firmware update on the official website.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    This issue is not encountered by all devices; therefore, it is not suitable to be placed on the official site for everyone to update.

Security Highlight