Fw: Bug Firmware V5.42(ABUH.1) / Zyxel USGFLEX 100

nicolas2ker · March 30

Hello,

Except my mistake, I would like to inform you that there is an email notification bug since the new Firmware Version V5.42(ABUH.1) / 2026-02-08 02:18:35 update, affecting only the USGFLEX 100 model. The USGFLEX 100W model does not have this issue !

Specifically, when I receive emails, the sender and recipient addresses do not display their UDP/TCP ports on the 100 model, while they do display correctly on the 100W model.

Here is a concrete example:

USGFLEX 100

(no port)

No: 1

Date/Time: 2026-03-26 05:54:33

Category: secure-policy

Priority: alert

Source: 82.66.201.65

Destination: 192.168.1.xx

Note: ACCESS FORWARD

Message: priority:60, from WAN to ZyWALL, service Default_Allow_WAN_To_ZyWALL, ACCEPT

USGFLEX 100W

No: 1
Date/Time: 2026-03-26 02:18:03
Category: secure-policy
Priority: alert
Source: 85.217.140.3:41454
Destination: 192.168.1.xx:11444
Note: ACCESS FORWARD
Message: priority:30, from WAN to ZyWALL, TCP, service VPN_ZYXEL_Svc, ACCEPT

Could you confirm whether this is a firewall bug or a configuration error, given that it worked perfectly for years, including up to version 5.40? Is there a quick fix that can be implemented, as we don't know which TCP/UDP service it's trying to connect to?

Sincerely,

Nicolas

Zyxel_Melen · March 30

Hi @nicolas2ker

To investigate this issue, I will send a private message to get your configuration and replicate.

Please help to share your configuration. Thanks.

nicolas2ker · March 31

Hello Melen,

I just respond on https://community.zyxel.com/en/discussion/comment/84250#Comment_84250

Move the comment to here for better reviewing. By Melen

Regarding the secure-policy alert notification, I can assure you that I haven't made any changes to the rules, and it's related to versions 5.40 to 5.42 because 5.41 was unstable on the 100W. It no longer displays ports on the 100 model. I had hoped that the 100 firmware would be almost identical to the 100W, apart from the hardware.

Furthermore, for cybersecurity monitoring, the current method of retrieving emails is clearly not optimal. But with the automation program (local FTP/SFTP), to be reliable, I'm unable to retrieve files from, for example, /usbstorage/centralized_log/2026-03-28.log. For me, this is very inconvenient.

Furthermore, I analyzed this log specifically regarding the missing port issue, but it's displayed further down, outside the scope, with the label: ,others:47.

So, all of this becomes convoluted and requires compilation for security analysis. Do you have a reliable and secure solution for downloading the logs without using a GUI?

Router(config)# dir /usbstorage/centralized_log/2026-03-28.log

File Name Size Modified Time

===============================================================================

2026-03-28.log 55869571 2026-03-28 23:59:57

Router(config)# Router(config)# copy /usbstorage/centralized_log/2026-03-28.log /tmp/2026-03-28_000000.log

% copy across different directories prohibitretval = -39001ERROR: Operation is prohibited.Router(config)#

Zyxel_Melen · April 1

Hi @nicolas2ker

Thanks for the update.

The log stored in USB can only be got via device's GUI. Although this might not a safe way, but setup a syslog server might help for your automation.
Since the USB log can only be got from the GUI, we can use AI to create a script/program to download. Hint: check the browser console network activity to find the specific action for download.
If possible, please share the related log for us to fix this issue.

Fw: Bug Firmware V5.42(ABUH.1) / Zyxel USGFLEX 100

All Replies

Categories

Security Help Center