Zyxel ZLD Firewalls Missing Authorization Vulnerability Allowing Configuration Download

Vulnerability

A missing authorization vulnerability has been identified in Zyxel ATP series, USG FLEX series, USG FLEX 50(W) series, and USG20(W)-VPN series, all running specific firmware versions. This vulnerability could allow a semi-authenticated attacker, who has only partially completed the two-factor authentication process, to access and download the system configuration from the affected device.
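The class of flaw described above, as an added illustration that is not Zyxel firmware code and not part of the advisory: a session that has passed only the first factor is recognised as "a session" and therefore allowed to reach a configuration export. The session model, cookie values, endpoint paths and function names are all hypothetical.

```python
# Illustrative sketch only: a generic session model, not Zyxel firmware code.
from dataclasses import dataclass
from enum import Enum, auto


class AuthState(Enum):
    PASSWORD_OK_MFA_PENDING = auto()  # first factor passed, second not yet verified
    FULLY_AUTHENTICATED = auto()      # both factors verified


@dataclass
class Session:
    user: str
    state: AuthState
    role: str = "admin"


# Constructed sample sessions keyed by hypothetical cookie values.
SESSIONS = {
    "cookie-pending": Session("alice", AuthState.PASSWORD_OK_MFA_PENDING),
    "cookie-full": Session("alice", AuthState.FULLY_AUTHENTICATED),
}

# Endpoints a half-authenticated session legitimately needs (hypothetical paths).
MFA_PENDING_ALLOWLIST = {"/mfa/verify", "/logout"}


def authorize_weak(cookie: str, path: str) -> bool:
    """Flawed check: any known session is treated as authorized."""
    return cookie in SESSIONS


def authorize_strict(cookie: str, path: str) -> bool:
    """Deny by default until the second factor is verified."""
    session = SESSIONS.get(cookie)
    if session is None:
        return False
    if session.state is AuthState.PASSWORD_OK_MFA_PENDING:
        return path in MFA_PENDING_ALLOWLIST
    return session.state is AuthState.FULLY_AUTHENTICATED and session.role == "admin"


def audit(paths):
    """Return (path, cookie) pairs the weak check allows but the strict one denies."""
    return [(p, c) for p in paths for c in SESSIONS
            if authorize_weak(c, p) and not authorize_strict(c, p)]
```

Running `audit` over a route list is a quick way to review which endpoints are reachable from a pending-2FA session when an authorization check keys only on session existence.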

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system configuration data, which could be misused to compromise the device or network security.

Remediation

Users are advised to update to Zyxel ZLD version 5.41, which addresses this vulnerability.

Added: Oct 21, 2025, 3:17 AM
Updated: Oct 21, 2025, 3:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.