Zywall USG FLEX Series & ATP Series - V5.39Patch 1 Firmware Release

Zyxel_Melen
Zyxel_Melen Posts: 2,409  Zyxel Employee
Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

Zywall USG FLEX Series & ATP Series Release Note 

November 2024

Firmware Version on all models

(Click the hyperlink to find the firmware file directly)


FLEX SeriesDownload linkATP SeriesDownload link
FLEX50V5.39(ABAQ.1)C0ATP100V5.39(ABPS.1)C0
FLEX50WV5.39(ABAR.1)C0ATP100WV5.39(ABRW.1)C0
FLEX50AXV5.39(ACGB.1)C0ATP200V5.39(ABFW.1)C0
FLEX100V5.39(ABUH.1)C0ATP500V5.39(ABFU.1)C0
FLEX100WV5.39(ABWC.1)C0ATP700V5.39(ABTJ.1)C0
FLEX100AXV5.39(ACFN.1)C0ATP800V5.39(ABIQ.1)C0
FLEX200V5.39(ABUI.1)C0
FLEX500V5.39(ABUJ.1)C0
FLEX700V5.39(ABWD.1)C0

New Feature and Enhancements

N/A

Bug Fix

S=Standalone mode, C=Cloud mode

Bug fixSC
1.Vulnerability FixVV

Please refer to the Download Link for more details.

Comments

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    I'm not laughing, because release notes are not funny at all.

    Not even a ETA for full disclosure?

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    edited November 19

    "Vulnerability fix" is understandable. Full disclosures might be source of issues, but please… At least state some ETA for the disclosure!

    Consider that for some safety/privacy procedures, lacking of the minimal information for assess the risk might lead to a delay for this version adoption!

  • Omnia
    Omnia Posts: 51  Ally Member
    First Comment Friend Collector Fifth Anniversary

    I think there is an day 0. Maybe something related to the web page. Close all access from wan it's only way to be secured ( maybe).

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,409  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @mMontana & @Omnia,

    This vulnerability is a side effect of the V5.39 patch 0, APC function enhancement; if customers enable HTTPS/SSH on the WAN side, their devices will be exposed to risk and may have the chance to be hacked by using this vulnerability.

    Since this vulnerability was discovered by internal observation, no CVE ID will be applied, and no advisory will be published.