Zyxel security advisory: protecting against recent firewall threats

Summary

Zyxel is aware of recent attempts by threat actors to target Zyxel firewalls through previously disclosed vulnerabilities, as reported in Sekoia’s blog post. We confirm that firewall firmware version 5.39, released on September 3, 2024, and later versions are not affected by the exploitation described there: version 5.39 addresses all known vulnerabilities, including CVE-2024-11667, and includes a series of security enhancements.

To safeguard devices, we have strongly urged users to update their firmware and change admin passwords. These updates are critical to mitigating the risk of threat actors exploiting previously disclosed vulnerabilities in Zyxel security appliances.

What is the vulnerability?

CVE-2024-11667

A directory traversal vulnerability in the web management interface of Zyxel ZLD firewall firmware versions 5.00 through 5.38 could allow an attacker to download or upload files via a crafted URL.
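
To check a device inventory against the version range above, the following added example (not Zyxel code) classifies firmware strings as affected (5.00 through 5.38), fixed (5.39 and later), or needing manual review. The "V5.38(ABCD.0)" string layout, the hostnames and the model codes are assumptions constructed for illustration.

```python
import re

# Ranges taken from the advisory text: 5.00 through 5.38 affected, 5.39+ fixed.
FIRST_AFFECTED, LAST_AFFECTED, FIRST_FIXED = (5, 0), (5, 38), (5, 39)

# Assumed layout: optional "V", major.minor with a two-digit minor, optional
# "(CODE.patch)" suffix. A one-digit minor such as "5.4" is ambiguous (5.04 or
# 5.40 after a spreadsheet dropped a zero), so it deliberately does not parse.
_VERSION_RE = re.compile(r"^\s*[Vv]?(\d+)\.(\d{2})(?:\([A-Za-z0-9]+\.\d+\))?\s*$")


def parse_firmware(version):
    """Return (major, minor) as integers, or None if the string does not parse."""
    m = _VERSION_RE.match(version or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(version):
    """Classify one firmware string against the CVE-2024-11667 affected range."""
    parsed = parse_firmware(version)
    if parsed is None:
        return "unknown"  # needs manual review; never reported as safe
    if FIRST_AFFECTED <= parsed <= LAST_AFFECTED:
        return "affected"
    if parsed >= FIRST_FIXED:
        return "fixed"
    return "outside-advisory"  # older than 5.00: not in this advisory's range


def triage(inventory):
    """Group device names by classification; inventory is (name, firmware) pairs."""
    result = {"affected": [], "fixed": [], "unknown": [], "outside-advisory": []}
    for name, firmware in inventory:
        result[classify(firmware)].append(name)
    return result


# Constructed sample inventory (hostnames and model codes are made up).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "V5.38(ABCD.0)"),
    ("fw-branch-02", "5.39"),
    ("fw-hq-01", "V5.00(ABCD.2)"),
    ("fw-lab-01", "V4.73(ABCD.0)"),
    ("fw-dr-01", "n/a"),
    ("fw-hq-02", "V5.4(ABCD.0)"),
]

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Versions are compared as integer pairs rather than floats, and anything that does not parse lands in "unknown" so it is reviewed by hand instead of being counted as patched.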

What should you do?

To protect your network and prevent possible attacks, we strongly recommend the following proactive measures:

  • Update Firmware: Immediately update your device to the latest firmware version.
  • Disable Remote Access: If updates cannot be applied immediately, temporarily disable remote access to your device until the firmware is patched.
  • Review Best Practices: Review general cybersecurity guidelines [here].

Got a question?

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

Revision history

2024-11-21: Initial release
2024-11-27: Updated the CVE description