back to article Zyxel firewalls borked by buggy update, on-site access required for fix

Zyxel customers are dealing with a range of issues including reboot loops after an update on Friday went awry. The Taiwanese vendor updated application signatures for some of its firewalls between Friday and Saturday but insists the issues are unrelated to security or specific vulnerabilities. "We've found an issue affecting …

  1. cyberdemon Silver badge
    Stop

    Yet another reason not to enable automatic updates

    > those without valid security licenses are not affected

    Sounds like the usual Microsoft-style approach of "pay us, and we'll break your systems first!"

    I wonder if their NAS boxes are also affected

    1. Nate Amsden

      Re: Yet another reason not to enable automatic updates

      This same kind of thing happened to Sonicwall a few years ago, and I was pretty shocked to get hit by it on firewalls that didn't even have that feature licensed.. I think the impact was limited to Gen7 firewalls, of which I only had 1 pair at the time, all of the important stuff was/is on Gen6.

  2. Anonymous Coward
    Anonymous Coward

    Is it just me?

    "To address this, we've disabled the application signature on our servers"

    Either the application signing wasn't necessary, or Zyxel just opened a new attack route AND announced it?

    "Those ....... without valid security licenses are not affected."

    Not exactly an advert for having a valid security licence is it, lads?

  3. Anonymous Coward
    Anonymous Coward

    Zyxel?

    No idea they were still around - haven't heard of them in >30 years (I believe the context at the time was @*#!* winmodems!)

    1. Anonymous Coward
      Anonymous Coward

      Re: Zyxel?

      No, they made overheat/lockup-prone external modems, too.

      1. Sandtitz Silver badge
        Thumb Down

        Re: Zyxel?

        What...?

        Zyxel 1496E was a rock solid external model of the day, an excellent choice if you couldn't afford a Courier.

    2. Paul Crawford Silver badge

      Re: Zyxel?

      We use their basic model gigabit switches and have been happy enough considering the low cost and not being on Uncle Sam's naughty list of Chinese OEMs (we used GS1900 series). Obviously keeping the management addresses off the Internet! The fancier switches have a cloud management feature which is just a hard NO! for me.

      They do a small PoE model with 8 copper ports and two SFP so you can make a very cheap and effective network extender with fibre between buildings, etc, with that for PoE web cameras, WiFi access points, or similar. But Zyxel, like most other big names (Cisco, Sonicwall, Fortinet, Juniper, etc), seem unable to do a secure security appliance. Almost that name along hexes a product...

    3. DS999 Silver badge

      Re: Zyxel?

      I have a Q1000 VDSL2 modem. It has long been considered obsolete and off my telco's "approved" list but it still works great, and since I'm using it only as a bridge to my wireless router it doesn't need or get software updates (TR-069 is disabled just in case)

  4. Anonymous Coward
    Anonymous Coward

    MARA - Make America Route Again

    Cheap Chinese routers are failing? Shock. You surprise me.

    Doesn't this just prove Trump's plan to make everything in USA is needed as there would never be a problem like this from cheap American hardware.

    (Warning - may be some sarcasm in above text)

    I can give a cheaper fix than getting on site with RS232 cables. Replace the router. Stick a new one in the post. Hit old one with hammer.

    1. Anonymous Coward
      Anonymous Coward

      Re: MARA - Make America Route Again

      Did China invade Taiwan while I was asleep?

  5. Missing Semicolon Silver badge

    Their gigabit switches are quite good.

    I have a couple at home - basic simple web UI. Obviously keep that off the internet!

  6. IGotOut Silver badge
    Joke

    Typical...

    ...bloody Chinese copying yet another American innovation by rolling out an update, that completely bricks a device requiring a site visit

    1. Paul Crawford Silver badge

      Re: Typical...

      True! But Zyxel are Taiwanese even if some products are made in China.

  7. Bebu sa Ware
    Windows

    getting on site with RS232 cables.

    One reason I was keen on having this sort of hardware plugged into serial ports on dedicated box on an isolated management network.

    Years ago it was a PC with a Boca isa multiport serial adaptor running a minimal install of an early Redhat distro (4.2?) now probably a network KVM switch as a lot of stuff runs to at least VGA and PS2 keyboard.

    I would have thought any update would be A/B with a sanity check and watchdog timer set after the update and roll back if the watchdog times out.

    Have to wonder with the cutting of staff in the dubious anticipation of replacing the retrenched with AI has meant that the QA monkeys are even getting peanuts.

    Looking at the linked stories below this I would have to wonder why anyone would run a proprietary firewall... courageous or foolish?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like