Zyxel NAS (Network Attached Storage) and firewall products are affected by a remote code execution vulnerability. Users are advised to install our latest firmware which we provide immediately for optimal protection.
What is the vulnerability?
A remote code execution vulnerability was identified in the weblogin.cgi program used in Zyxel NAS and firewall products. Missing authentication for the program could allow attackers to perform remote code execution via OS command injection.
What products are vulnerable—and what should you do?
After a thorough investigation of the complete product lines, we’ve confirmed that the vulnerability affects the following products running specific firmware versions:
- NAS products running firmware version 5.21 and earlier.
- UTM, ATP, and VPN firewalls running firmware version ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2. Those with firmware versions before ZLD V4.35 Patch 0 are NOT affected.
We’ve identified the vulnerable products that are within their warranty and support period, as shown in the table below. For optimal protection, we urge users to install the hotfixes first and the standard firmware patches when available.
NAS326 NAS520 NAS540 NAS542
ATP100 ATP200 ATP500 ATP800
USG20-VPN USG20W-VPN USG40 USG40W
USG60 USG60W USG110 USG210
USG310 USG1100 USG1900 USG2200
VPN50 VPN100 VPN300 VPN1000
ZyWALL110 ZyWALL310 ZyWALL1100