Article Details

Zyxel warns of bad signature update causing firewall boot loops. Zyxel is warning that a bad security signature update is causing critical errors for USG FLEX or ATP Series firewalls, including putting the device into a boot loop. "We've found an issue affecting a few devices that may cause reboot loops, ZySH daemon failures, or login access problems," warns a new Zyxel advisory. "The system LED may also flash. Please note this is not related to a CVE or security issue." Zyxel says the issues are caused by a failure in an Application Signature Update for its cybersecurity features that was pushed out on 1/24 through 1/25 at night. Devices that received the faulty update are now experiencing a wide range of issues, including: Zyxel says only USG FLEX or ATP Series (ZLD Firmware Versions) firewalls with active security licenses are impacted. Devices on the Nebula platform or USG FLEX H (uOS) series are not affected. As first reported by Born City, the only way to fix the issue is to have physical access to the firewall and to connect to the console via an RS232 serial cable. "This recovery requires a console cable and must be done on-site. While it's not ideal, it's the only guaranteed solution for this issue," reads the advisory. Admins will now need to conduct a series of steps to restore the firewall, including backing up the configuration, downloading and applying a special firmware, and then connecting via the web GUI to restore the backed-up configuration file. Zyxel has shared detailed steps in its advisory, and it is highly recommended that admins review them before attempting to recover devices. BleepingComputer has contacted Zyxel with questions about the incident, but no reply was immediately received.