Zyxel warns of vulnerabilities in firewalls, AP controllers and access points (May 24, 2022)

Vendor Zyxel has published a security advisory warning of several vulnerabilities in firewalls, access points and access point controllers. Attackers can execute their own code via the vulnerabilities, block 2FA login and disrupt the devices. However, updates are available for the affected components to close the vulnerabilities.


Blog reader Enox already emailed me yesterday to point out this issue and mentioned the Zyxel security advisory for multiple vulnerabilities of firewalls, AP controllers, and APs. He wrote:

After the newer firewalls have been patched (I asked Zyxel if the "old" boxes were also affected, but didn't get any feedback), it seems that they now have multiple fixed vulnerabilities. Among other things, a bypass of the WebAuthentication is fixed, which is extremely important for us, because we use it to authenticate all our users remotely and that is open to the outside. There was no security news from Zyxel (we are a partner) or anything else. If I hadn't googled for the article after the firewall offered me the "there is a new firmware", I would never have found out about it. Meanwhile their communication annoys me more and more.

In the advisory, Zyxel confirms several vulnerabilities reported to it by security consultants and advises users to install the appropriate firmware updates to ensure optimal protection. Here is a list of the vulnerabilities:

A cross-site scripting vulnerability has been found in the CGI program of some firewall versions, which could allow an attacker to obtain information stored in the user's browser, such as cookies or session tokens, via a malicious script.

Several improper input validation errors were found in some CLI commands of some firewall, AP controller, and AP versions that could allow a local, authenticated attacker to cause a buffer overflow or system crash via a tampered payload.

A command injection vulnerability in the CLI packet-trace command of some firewall, AP controller, and AP versions could allow a local, authenticated attacker to execute arbitrary operating system commands by injecting spoofed arguments into the command.

An authentication bypass vulnerability was found in the CGI program of some firewall versions due to the lack of a proper access control mechanism. The flaw could allow an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.

The affected products are listed in the Zyxel security advisory for multiple vulnerabilities of firewalls, AP controllers, and APs. Corresponding updates are probably available from Zyxel support or from this website (there is firmware version 4.72 for the older USG40/60 etc.).
