“We’ve found an issue affecting a few devices that may cause reboot loops, ZySH daemon failures, or login access problems – Zyxel reports. – The system LED may also flash. Please note this is not related to a CVE or security issue. “
According to Zyxel, the issues are caused by a glitch in the Application Signature Update released on the night of January 24-25, 2025.
Devices that have loaded the flawed update can spit out a wide range of errors, including inability to login to ATP/USG FLEX via web GUI (504 Gateway timeout), high CPU usage, inability to enter any commands in the console, “ZySH daemon is busy” messages, Coredump messages in the console, etc.
The flaw only affects USG FLEX and ATP series firewalls (ZLD firmware versions) with active security licenses. Devices on the Nebula platform and USG FLEX H (uOS) series are not affected.
According to Born City, recovery requires physical access to the affected device that must be connected via an RS232 cable.
“This recovery requires a console cable and must be done on-site. While it’s not ideal, it’s the only guaranteed solution for this issue.” – Zyxel experts say.
Recovery involves a sequence of steps, including configuration backup, downloading and installing special firmware, and connecting via the web interface to restore the saved configuration file.
The above steps are described in detail in the manual, and admins are strongly recommended to review it prior to recovery.
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.04.04 — Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched
Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images…
Full article →
2025.02.01 — Critical RCE vulnerability fixed in Cacti
A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…
Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update
Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →
2025.02.21 — Microsoft fixes vulnerability in Power Pages exploited by cybercriminals
Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day. The vulnerability tracked as CVE-2025-24989 (CVSS score 8.2) pertains…
Full article →