Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability (CVE-2020-9054)
The security flaw, which was issued CVE identifier CVE-2020-9054, can be exploited remotely, without authentication to execute arbitrary code on the affected devices.
Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported. On Wednesday, the networking devices vendor updated the advisory to add a total of 23 UTM, ATP, and VPN firewalls to the list of vulnerable products. The flaw, it says, impacts firmware versions ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2.
So what can you do, well its just a matter of making sure you keep your firmware updated, which of course you do, don't you? Please follow the guideline below,
- Ensure your devices are running the latest available firmware.
- Don't enable remote access unless it's absolutely necessary.
- Change the default password as soon as you log in to a new device for the first time.
- Use strong, unique passwords for every device and change them regularly.
The list of impacted devices now includes the following firewalls: ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100.
You can also visit Security Advisories here: for more information.