Comments
-
Just came back to confirm that the GeoIP DB updated successfully on USG40W and USG60 running firmware v4.73 patch 2.
-
See this thread:
-
You must use different subnets and you need to configure Policy rules on both sites: Site A: Policy route A: Source = subnet A, target = subnet B, next-hop = VPN tunnel Site B: Policy route B: Source = subnet B, target = subnet A, next-hop = VPN tunnel…
-
Solution in this thread:
-
Dear @Zyxel_Emily, Thank you for replying so quicky. Do I understand correctly that USG40/60/W with FW 4.73 will also start to update their GeoIP DB after July 10th?
-
@Zyxel_Emily I home you'll also fix the GEO IP database for USG40/60/W
-
See here:
-
Follow the instructions below: https://support.zyxel.eu/hc/en-us/articles/360010368279-Re-register-ZyWall-to-another-MyZyxel-Account If it doesn't work, post a new thread here and ZyXEL employees will switch the device to your account if you send them a photo of it's serial number:
-
Yes, Zyxel, I hope you'll also fix this for USG40/60/W!
-
@Zyxel_Ivan: I've send you the photo of the unit, thanks!
-
I have the same problem when trying to re-register an USG40W which I bought from the previous owner via eBay. https://support.zyxel.eu/hc/en-us/articles/360010368279-Re-register-ZyWall-to-another-MyZyxel-Account After trying the steps in the above link, I get an error: "Device has already been registered"
-
Well on one had I am also thankful for the quick fix, however, on the other hand, this is the least ZyXEL can (and must) do, since these vulnerabilities were present in the FW for years (all the way from old version v4.25) and given a CVE score of 9.8 out of 10, this must be a major and serious vulnerability… I would…
-
The release notes for the newest firmware contain these 2 CVEs: CVE-2023-33009 CVE-2023-33010 I didn't find any detailed info, however ZyXEL has classified them as 9.8 out of 10, so I guess its trivial to make a DoS attack on all ZyXEL USGs via a simple script… All a hacker needs is an open port (IKE?)
-
@nielsscheldeman The FW version you have applied (V5.36(ABUI.1)ITS-23WK21-r109592 / 2023-05-23 18:54:50) isn't "Patch 1", but a "Patch-1 Hotfix-23WK21" firmware which should be the same as Patch 2 (which is the official FW bundle).
-
We also have circa 3 USG40W and 3 USG60 deployed and half of them are affected by this incident. USG40W becomes totally unreachable after about 2 hours and USG60 is reachable, however it drops all VPN connections after a couple of minutes. PS: To mitigate the issue until we can update the FW on-site, it helped to limit WAN…