Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability (CVE-2020-9054) Open


The security flaw, which was issued CVE identifier CVE-2020-9054, can be exploited remotely, without authentication to execute arbitrary code on the affected devices.

Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported. On Wednesday, the networking devices vendor updated the advisory to add a total of 23 UTM, ATP, and VPN firewalls to the list of vulnerable products. The flaw, it says, impacts firmware versions ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2.

So what can you do, well its just a matter of making sure you keep your firmware updated, which of course you do, don't you? Please follow the guideline below,

  1. Ensure your devices are running the latest available firmware.
  2. Don't enable remote access unless it's absolutely necessary.
  3. Change the default password as soon as you log in to a new device for the first time.
  4. Use strong, unique passwords for every device and change them regularly.

The list of impacted devices now includes the following firewalls: ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100.

You can also visit Security Advisories here: for more information.

Posted 2 years agoby peter2cfu
#1151804 viewsEdited 2 years ago

Please login to post an answer

Mon - Fri: 09:00-17:30 EAT
Weekends: Closed

Public Holidays: Closed

Uganda: +256-(0)772-755501
Uganda: +256-(0)772-700781
Rwanda: +250-(0)786-304817


Ours is a rich history providing holistic ICT support services; by designing, developing, implementing reliable and effective solutions, over the years we’ve learnt a thing or two about helping our customers getting IT right, the first time.

East Africa (Uganda, Rwanda, Kenya, Tanzania, Sudan) and DRC