What you should know about CVE-2020-29583 and actions to take to mitigate the risk!

Zyxel_Emily

Regarding the recent report of the CVE-2020-29583 case affecting Zyxel firewalls and AP controllers, Zyxel was aware of the situation on November 30, 2020 and immediately started the investigation for the complete product lines and provided the hotfix for firewalls on December 3, 2020.  

Some users may still have questions about what information need to be checked, what actions should be taken. Check below list for more details.

ATP / USG / USG FLEX/ VPN series

• Is my ZyWALL/USG/VPN/ATP/USG FLEX firmware version affected? How to check?

• If my device is running on ZLD 4.60C0, how to upgrade it to ZLD4.60 P1?

• How do I check unauthorized users trying to access my device? Can I check the login history?

• If I’m running on ZLD4.60 C0 and can’t upgrade my firmware temporarily, what else I can do to avoid this vulnerability?

NXC Series

• Is my NXC2500/5500 firmware version affected? How to check?

• If my device is running on firmware 6.00P6  and 6.10P0, how to upgrade it to 6.10P1?

• If I’m running on 6.00 and 6.10 and can’t upgrade my firmware temporarily, what else I can do to avoid this vulnerability?