The security flaw, which was issued CVE identifier CVE-2020-9054, can be exploited remotely, without authentication to execute arbitrary code on the affected devices.

Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported. On Wednesday, the networking devices vendor updated the advisory to add a total of 23 UTM, ATP, and VPN firewalls to the list of vulnerable products. The flaw, it says, impacts firmware versions ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2.

So what can you do, well its just a matter of making sure you keep your firmware updated, which of course you do, don't you? Please follow the guideline below,

1. Ensure your devices are running the latest available firmware.
2. Don't enable remote access unless it's absolutely necessary.
3. Change the default password as soon as you log in to a new device for the first time.
4. Use strong, unique passwords for every device and change them regularly.

The list of impacted devices now includes the following firewalls: ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100.

You can also visit Security Advisories here: for more information.