Zyxel firewalls borked by buggy update, on-site access required for fix

Boxes stuck in boot loops and various other malfunctions


Zyxel customers are dealing with a range of issues including reboot loops after an update on Friday went awry.

The Taiwanese vendor updated application signatures for some of its firewalls between Friday and Saturday but insists the issues are unrelated to security or specific vulnerabilities.

"We've found an issue affecting a few devices that may cause reboot loops, ZySH daemon failures, or login access problems," Zyxel's advisory reads. "The system LED may also flash. Please note this is not related to a CVE or security issue.

"The issue stems from a failure in the Application Signature Update, not a firmware upgrade. To address this, we've disabled the application signature on our servers, preventing further impact on firewalls that haven't loaded the new signature versions."

In addition to boot loops, some users are experiencing glitches such as being unable to enter console commands, unusually high CPU usage, and various other error messages.

The firewalls affected include USG Flex boxes and ATP Series devices running ZLD firmware versions – installations that have active security licenses and dedicated signature updates enabled in on-premises/standalone mode.

Those running on the Nebula platform, on USG Flex H (uOS), and those without valid security licenses are not affected.

Zyxel also says that currently there is only one way to get around this, and it is "not ideal."

The "not ideal" part is that sysadmins will need physical access to the firewall and a Console/RS232 cable to begin the recovery process.

Zyxel details each step in its advisory, but it involves creating a backup file before installing the new firmware.

There are no remote options available, the vendor said. It alluded to potentially available approaches that might work in "very rare" cases, but even then, they might lead to other issues such as losing config files, so they aren't recommended or even detailed.

Zyxel warned that those with systems running in Device-HA mode should contact Zyxel support directly for tailored assistance.

Support agents are available via phone and web chat for admins needing assistance to get their boxes back online. Zyxel also reopened its Microsoft Teams channel today to address customer needs. ®
