Zyxel firewalls reboot due to flawed update

“We’ve found an issue affecting a few devices that may cause reboot loops, ZySH daemon failures, or login access problems – Zyxel reports. – The system LED may also flash. Please note this is not related to a CVE or security issue. “

According to Zyxel, the issues are caused by a glitch in the Application Signature Update released on the night of January 24-25, 2025.

Devices that have loaded the flawed update can spit out a wide range of errors, including inability to login to ATP/USG FLEX via web GUI (504 Gateway timeout), high CPU usage, inability to enter any commands in the console, “ZySH daemon is busy” messages, Coredump messages in the console, etc.

The flaw only affects USG FLEX and ATP series firewalls (ZLD firmware versions) with active security licenses. Devices on the Nebula platform and USG FLEX H (uOS) series are not affected.

According to Born City, recovery requires physical access to the affected device that must be connected via an RS232 cable.

“This recovery requires a console cable and must be done on-site. While it’s not ideal, it’s the only guaranteed solution for this issue.” – Zyxel experts say.

Recovery involves a sequence of steps, including configuration backup, downloading and installing special firmware, and connecting via the web interface to restore the saved configuration file.

The above steps are described in detail in the manual, and admins are strongly recommended to review it prior to recovery.