Zywall USG FLEX Series & ATP Series - V5.39Patch 1 Firmware Release

Zyxel_Melen · November 18

Zywall USG FLEX Series & ATP Series Release Note

November 2024

Firmware Version on all models

(Click the hyperlink to find the firmware file directly)

FLEX Series	Download link	ATP Series	Download link
FLEX50	V5.39(ABAQ.1)C0	ATP100	V5.39(ABPS.1)C0
FLEX50W	V5.39(ABAR.1)C0	ATP100W	V5.39(ABRW.1)C0
FLEX50AX	V5.39(ACGB.1)C0	ATP200	V5.39(ABFW.1)C0
FLEX100	V5.39(ABUH.1)C0	ATP500	V5.39(ABFU.1)C0
FLEX100W	V5.39(ABWC.1)C0	ATP700	V5.39(ABTJ.1)C0
FLEX100AX	V5.39(ACFN.1)C0	ATP800	V5.39(ABIQ.1)C0
FLEX200	V5.39(ABUI.1)C0
FLEX500	V5.39(ABUJ.1)C0
FLEX700	V5.39(ABWD.1)C0

New Feature and Enhancements

N/A

Bug Fix

S=Standalone mode, C=Cloud mode

Bug fix	S	C
1.Vulnerability Fix	V	V

Please refer to the Download Link for more details.

mMontana · November 18

I'm not laughing, because release notes are not funny at all.

Not even a ETA for full disclosure?

mMontana · November 19

"Vulnerability fix" is understandable. Full disclosures might be source of issues, but please… At least state some ETA for the disclosure!

Consider that for some safety/privacy procedures, lacking of the minimal information for assess the risk might lead to a delay for this version adoption!

Omnia · November 19

I think there is an day 0. Maybe something related to the web page. Close all access from wan it's only way to be secured ( maybe).

Zyxel_Melen · 8:45AM

Hi @mMontana & @Omnia,

This vulnerability is a side effect of the V5.39 patch 0, APC function enhancement; if customers enable HTTPS/SSH on the WAN side, their devices will be exposed to risk and may have the chance to be hacked by using this vulnerability.

Since this vulnerability was discovered by internal observation, no CVE ID will be applied, and no advisory will be published.