Zyxel has issued a warning regarding a faulty security signature update that has caused critical errors in USG FLEX and ATP Series firewalls. The update, which was pushed out between January 24 and 25, led to various issues including reboot loops, ZySH daemon failures, and login access problems. This failure is not related to a CVE or a security vulnerability, but rather stems from an issue within the Application Signature Update affecting these devices. The update has caused systems to enter a state where the system LED flashes, high CPU usage is observed, and error messages such as “ZySH daemon is busy” appear.
The faulty update only impacts firewalls with active security licenses and does not affect devices on the Nebula platform or the USG FLEX H series. Administrators who attempted to log into the devices via the web GUI experienced timeouts, with messages like “504 Gateway timeout” appearing. The issues extend beyond login failures, as users also found that they were unable to issue commands on the console, while coredump messages were seen on the console.
These problems have created significant disruptions for those relying on the affected devices for security.
To resolve the issue, Zyxel has emphasized that physical access to the affected devices is necessary. Administrators must connect to the console via an RS232 serial cable, a process that involves a series of recovery steps. This includes backing up the configuration, downloading and applying special firmware, and then restoring the configuration via the web GUI. Zyxel has outlined the full recovery process in a detailed advisory, urging administrators to follow the steps carefully to avoid further complications.
For those who need additional assistance, Zyxel has scheduled a Microsoft Teams Open Question Session on January 25 to provide further support. The session will be available during two time slots, 9 AM – 12 PM and 1 PM – 5 PM GMT +1. Zyxel has yet to respond to inquiries from BleepingComputer regarding the incident, leaving the full scope of the impact and any potential solutions under investigation.
