ZLD4.73 & ZLD5.36 patch 2 Official Version Released to address Buffer Overflow Issues


All Replies

  • PeterUK
    PeterUK Posts: 2,652  Guru Member
    edited May 2023

    I guess hacks found out some people had not been updating their firmware and have targeted the old firmware with fake downloads.

  • GIOMIND
    GIOMIND Posts: 7

    No, the Zyxel page you posted: if you scroll to the USG section and point to "Download 5.10", it links to a Dropbox download.

    So Zyxel used Dropbox for their downloads, but Dropbox, when huge traffic is detected on a specific link, disables it… BAM Zyxel, great idea!

    https://support.zyxel.eu/hc/en-us/articles/360013941859-Security-Products-Firmware-Overview-and-History-Downloads-for-FLEX-ATP-USG-VPN-ZYWALL

  • GIOMIND
    GIOMIND Posts: 7

    Either they have hacked Zyxel or Zyxel has not been very clever in using Dropbox for sharing their firmware: on a zero day with massive downloads… Dropbox says goodbye

  • PeterUK
    PeterUK Posts: 2,652  Guru Member

    Yes, Zyxel should really think about putting old firmware on portal.myzyxel.com

  • usrf
    usrf Posts: 3

    Patch 2 seems to still have the issue. We were running patch 1 and this morning our IPsec VPNs were dropping randomly. Never happened before. Applied patch 2 and it still happened. We geo-filtered traffic now as a previous post suggested and that seems to have fixed it for now (until attacks come from US).

  • XMFI
    XMFI Posts: 3

    These links won't work for archive firmware.

    Does someone have a link for a USG20W-VPN 4.25?

    Thanks :)

  • Niels2021
    Niels2021 Posts: 7
    edited May 2023

    In the past all older firmwares of all devices were available on ftp.zyxel.com. Why is that gone? Could have been a huge help now.

    But we still have no clear answer on what has been happening over the past days:

    - Is this caused by a DoS attack? I see an IP from Ukraine trying to connect to the IKEv2 port on several . All traffic from outside Europe is blocked on 20% of our firewalls and they have this problem too.

    - Because it looks like it's fixed with new firmware: is this an attack that's only vulnerable for ZyXEL devices?

    - L2TP over IPSec with AD integration is not working after the firmware update. IKEv2 with SecuExtender and AD integration is no problem, but not all of our clients are willing to pay for this client...

    - Is IPS (Intrusion Prevention System) catching this on firewalls which have this enabled? We don't use this service but I wanna know if it's worth the money now.

  • MarkoD
    MarkoD Posts: 35  Freshman Member

    The release notes for the newest firmware contain these 2 CVEs:

    CVE-2023-33009
    CVE-2023-33010

    I didn't find any detailed info, however ZyXEL has classified them as 9.8 out of 10, so I guess it's trivial to make a DoS attack on all ZyXEL USGs via a simple script… All a hacker needs is an open port (IKE?)

  • Omnia
    Omnia Posts: 39  Freshman Member
    edited May 2023
  • annm
    annm Posts: 1

    We have 2 USG 20 and 1 USG 60 that we can't log into as of this morning. Was able to log into them one time, but then not again. Our VPN is down. How do we fix without having to wipe and rebuild?!
