Your browser either does not support JavaScript or you have turned JavaScript off.

Zyxel security advisory for the Bleichenbacher’s attack vulnerability of ZyWALL/USG devices

CVE: CVE-2018-9129


ZyWALL/USG devices are vulnerable to Bleichenbacher’s attacks on their IKEv1 implementation. Users are advised to upgrade to the latest available firmware for optimal protection.

What’s the vulnerability?

ZyWALL/USG devices have a security vulnerability in the Internet Key Exchange (IKE) handshake implementation used for their IPsec-based VPN connections. Attackers might be able to use this vulnerability to retrieve IKEv1 session keys and decrypt connections by using a chosen-ciphertext attack called Bleichenbacher's attack.

What products are vulnerable?

ZyWALL/USG series products

What should you do?

We strongly recommend that users of vulnerable products download the latest firmware for optimal network protection.

Product series Firmware patch
USG 20(W)-VPN/40(W)/60(W)/110/210/2200-VPN ZLD4.32 available on*
ZyWALL 110 ZLD4.32 available on*
USG 310/1100/1900 Provided on demand. Contact your local support.
ZyWALL 310/1100 Provided on demand. Contact your local support.
ZyWALL VPN 50/100/300 ZLD4.31 patch 2 available on*

*Upon log-in, click “device management” and “firmware download” on the left-side menu and select your model from the dropdown menu.

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact and we’ll get right back to you.


Thanks to Dennis Felsch and Martin Grothe at Ruhr-University Bochum, Germany, for reporting this vulnerability to us.

Revision history

Initial release 2018-08-13