PT-2020-17137 · Zyxel · Zyxel Vpn Orchestrator+5
Published 2020-12-27 · Updated 2021-01-05 · CVE-2020-29299
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Zyxel VPN On-premise versions prior to ZLD V4.39 week38
Zyxel VPN Orchestrator versions prior to SD-OS V10.03 week32
Zyxel USG versions prior to ZLD V4.39 week38
Zyxel USG FLEX versions prior to ZLD V4.55 week38
Zyxel ATP versions prior to ZLD V4.55 week38
Zyxel NSG versions prior to 1.33 patch 4
Description
Certain Zyxel products allow command injection by an admin via an input string to chg exp pwd during a password-change action.
Recommendations
For Zyxel VPN On-premise versions prior to ZLD V4.39 week38, update to ZLD V4.39 week38 or later.
For Zyxel VPN Orchestrator versions prior to SD-OS V10.03 week32, update to SD-OS V10.03 week32 or later.
For Zyxel USG versions prior to ZLD V4.39 week38, update to ZLD V4.39 week38 or later.
For Zyxel USG FLEX versions prior to ZLD V4.55 week38, update to ZLD V4.55 week38 or later.
For Zyxel ATP versions prior to ZLD V4.55 week38, update to ZLD V4.55 week38 or later.
For Zyxel NSG versions prior to 1.33 patch 4, update to 1.33 patch 4 or later.
As a temporary workaround, consider restricting access to the chg exp pwd function until a patch is available.
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Zyxel ATP
Zyxel NSG
Zyxel USG
Zyxel USG FLEX
Zyxel VPN On-premise
Zyxel VPN Orchestrator