Zyxel security advisory for the Bleichenbacher’s attack vulnerability of ZyWALL/USG devices

CVE: CVE-2018-9129



ZyWALL/USG devices are vulnerable to Bleichenbacher’s attacks on their IKEv1 implementation. Users are advised to upgrade to the latest available firmware for optimal protection.


What’s the vulnerability?

ZyWALL/USG devices have a security vulnerability in the Internet Key Exchange (IKE) handshake implementation used for their IPsec-based VPN connections. Attackers might be able to use this vulnerability to retrieve IKEv1 session keys and decrypt connections by using a chosen-ciphertext attack called Bleichenbacher's attack.


What products are vulnerable?

ZyWALL/USG series products


What should you do?

We strongly recommend that users of vulnerable products download the latest firmware for optimal network protection.

Product series Firmware patch
USG 20(W)-VPN/40(W)/60(W)/110/210/2200-VPN ZLD4.32 available on https://portal.myzyxel.com/*
ZyWALL 110 ZLD4.32 available on https://portal.myzyxel.com/*
USG 310/1100/1900 Provided on demand. Contact your local support.
ZyWALL 310/1100 Provided on demand. Contact your local support.
ZyWALL VPN 50/100/300 ZLD4.31 patch 2 available on https://portal.myzyxel.com/*

*Upon log-in, click “device management” and “firmware download” on the left-side menu and select your model from the dropdown menu.


Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact security@zyxel.com.tw and we’ll get right back to you.



Thanks to Dennis Felsch and Martin Grothe at Ruhr-University Bochum, Germany, for reporting this vulnerability to us.


Revision history

Initial release 2018-08-13