Wireguard?

124

Comments

  • sgwatts
    sgwatts Posts: 1  Freshman Member
    First Comment
    I agree - wireguard support would be fantastic. After using openvpn for quite some time, the ease of use and flexibility of wireguard is just fantastic. I very much support this idea.
  • Omnia
    Omnia Posts: 57  Ally Member
    First Comment Friend Collector Sixth Anniversary
    +1
  • Is this already integrated in the ATP? It would be very useful. +1

  • ESupport
    ESupport Posts: 23  Freshman Member
    First Comment Friend Collector Third Anniversary

    Nope

    I watched the introduction of the Flex-H-Firewall and there were questions regarding wireguard, and the technician in the video said they would not implement it because of security concerns, because there were CVEs in the past. The only thing I could find would be https://nvd.nist.gov/vuln/detail/CVE-2023-35838 but this is for the windows-client. I really think they don't care about wireguard support.

  • PeterUK
    PeterUK Posts: 3,727  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 2024

    StrongSwanVPN should work

  • FelixSchneider
    FelixSchneider Posts: 49  Freshman Member
    First Comment Friend Collector Third Anniversary

    Also, regarding their vulnerability track record, they should be the last ones complaining…

    Remember the built-in backdoor...

    CVE-2020-29583

    So I guess wireguard is not profitable. I don't blame them, but it's still a bummer, and this non-excuse also does not help.

    The thing is I would have upgraded solely for Wireguard...

    Have a nice day.

  • ESupport
    ESupport Posts: 23  Freshman Member
    First Comment Friend Collector Third Anniversary

    But that's not wireguard. The new FlexH creates an openvpn-File for SSL-VPN which is a nice step forward but still, no wireguard. I need the always on resilience that in my opinion only wireguard delivers.

  • StefanZ
    StefanZ Posts: 202  Master Member
    First Comment First Answer Friend Collector Second Anniversary

    Tried WireGuard on my Fritzbox for the first time today.

    Client (Ubuntu) connects and I can even ping, use RDP etc. instantly.
    Configuration is super simple since there are only a handful of parameters.

    So yeah, I guess this question is gonna come up more and more.

  • best_heygman
    best_heygman Posts: 10  Freshman Member
    First Comment Friend Collector

    Said the company whose Ipsec implementation could be exploited for executing OS commands directly on the firewall.

    https://www.cve.news/cve-2024-42057/

    And I don't even blame them for that. Let me explain:

    Wireguard can be implemented in as few as 4 thousand lines of code. Strongswan (an Ipsec implementation) has half a million lines of code. Plenty of code where mistakes and bugs can hide. And that in a protocol that can give an attacker access to my network, or let them execute commands on my firewall, however Zyxel managed to get it wrong like that. But I don't really blame them, Ipsec and Openvpn are just gigantic complex monsters when compared to Wireguard, so it's just expected that Zyxel didn't get it right. I'm pretty sure no one really has, and there are security vulnerabilities in every Ipsec implementation. Openvpn I'm not sure.

    I mean, look, that's exactly why I will only even think about using a device as a vpn endpoint when it supports Wireguard.

  • best_heygman
    best_heygman Posts: 10  Freshman Member
    First Comment Friend Collector

    Well, in the meantime, since Zyxel is so tight-lipped about this, we could find out if it is at least theoretically possible for them to implement Wireguard on their current devices (in a performant way).
    Wireguard has been integrated into the Linux kernel in version 5.6, so if a device does not have kernel version 5.6 or above, we can be quite certain that it won't receive Wireguard support. That's because you can run Wireguard in userspace instead of directly in the kernel, BUT this impacts performance and CPU usage quite a bit (here is a comparison: https://nordvpn.com/de/blog/wireguard-kernel-module-vs-user-space/ ).

    So, how can we find out the kernel version? I only have a Zyxel scr 50axe, so I can tell you how it works there, it should be similar on their other devices.

    One option is through the diagnostics data. In the scr 50axe you have to log in on the local web UI; then, in the bottom left, at "Diagnostics Collection", you can click "collect", and after it is done, you can download the archive. You should be able to extract it via 7-zip on Windows. On Linux you probably won't even need to install anything, and this is probably not even the first time you see a tar archive :)
    On the Flex h series I think you can download it under "Maintenance → Diagnostics", but on the Live Demo device the demo user can only collect the diagnostics data, not download it, so I can't look at it myself, since I don't have a flex h personally. But if you have one, please take a look for the kernel version :)
    Then, after extracting the archive, you go to "diaginfo-…/tmp/diagnostic/debug/diag_system" and open the file "diag_system_log" in your text editor. Then search for "Linux Version". So, on my scr 50axe I have:

    Linux version 4.4.60 (chung-yu.chiang@a30d3dd1d98d) (gcc version 5.2.0 (OpenWrt GCC 5.2.0 efd04e534+r49254) ) #11 SMP PREEMPT Mon Aug 26 10:54:37 CST 2024

    Which means, since it is version 4.4, it will most probably never get Wireguard support :(
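The kernel-version check described in the post above, as an added shell example that is not part of the original thread or of any Zyxel tooling: it pulls the "Linux version" line out of a diag_system_log file, extracts major.minor.patch, and reports whether the kernel is at or above 5.6, the release in which WireGuard became an in-tree kernel module. The sample log line is the one quoted in the post, embedded here as a constructed test file; the diag_system_log path is the one the post gives for the scr 50axe and is assumed to be the same on other models.

```shell
#!/bin/sh
# Constructed sample: the "Linux version" line quoted in the post above,
# written to a temporary file so the script runs without a real diagnostics archive.
SAMPLE_LINE='Linux version 4.4.60 (chung-yu.chiang@a30d3dd1d98d) (gcc version 5.2.0 (OpenWrt GCC 5.2.0 efd04e534+r49254) ) #11 SMP PREEMPT Mon Aug 26 10:54:37 CST 2024'

# Print the first kernel version ("4.4.60") found in a diag_system_log file.
# Prints nothing if the file has no "Linux version" line.
kernel_version_from_log() {
    sed -n 's/^Linux version \([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Exit 0 if major.minor of the given version is >= 5.6 (in-kernel WireGuard
# available), exit 1 otherwise. Works for "6.1" as well as "5.15.0".
has_in_kernel_wireguard() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 6 ]; }
}

# Human-readable verdict for a version string.
wireguard_verdict() {
    if has_in_kernel_wireguard "$1"; then
        echo "in-kernel"
    else
        echo "userspace-only"
    fi
}

# Convenience wrapper for a downloaded diagnostics archive (assumed layout
# diaginfo-*/tmp/diagnostic/debug/diag_system/diag_system_log, as in the post).
check_diag_archive() {
    workdir=$(mktemp -d)
    tar -xf "$1" -C "$workdir"
    log=$(find "$workdir" -path '*/tmp/diagnostic/debug/diag_system/diag_system_log' | head -n 1)
    if [ -z "$log" ]; then
        echo "diag_system_log not found in archive" >&2
        rm -rf "$workdir"
        return 2
    fi
    ver=$(kernel_version_from_log "$log")
    echo "kernel $ver -> WireGuard $(wireguard_verdict "$ver")"
    rm -rf "$workdir"
}

# Demo on the constructed sample line (expected: "kernel 4.4.60 -> WireGuard userspace-only").
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_LINE" > "$demo_file"
demo_ver=$(kernel_version_from_log "$demo_file")
echo "kernel $demo_ver -> WireGuard $(wireguard_verdict "$demo_ver")"
rm -f "$demo_file"
```

Usage on a real download: `check_diag_archive diaginfo-xxx.tar` (the archive name is a placeholder). A "userspace-only" verdict means the vendor could still ship WireGuard via wireguard-go or a backported module, so the check rules in-tree support in or out; it does not prove the feature will never arrive.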