Your browser either does not support JavaScript or you have turned JavaScript off.

Zyxel security advisory for vulnerabilities related to the Free Time feature

CVE: CVE-2019-12581, CVE-2019-12583


Zyxel security firewalls and hotspot gateways that support the Free Time WiFi hotspot feature are susceptible to a cross-site scripting and a security misconfiguration vulnerability. Users are advised to install the applicable hotfixes for optimal protection.

What is the vulnerability?

A reflected cross-site scripting vulnerability had previously been identified in the "free_time_failed.cgi" program in specific security firewalls and hotspot gateways equipped with hotspot functionality. The vulnerability could allow an attacker to obtain browser cookies of the hotspot guest user account without authentication.

A security misconfiguration vulnerability, recently found in the "free_time.cgi" program, could allow an attacker to generate guest accounts even if the Free Time feature is disabled.

It is important to note that the hotspot guest user account is solely designed to provide hotspot guest users with temporary internet access on certain select web pages. It is the least-privileged account of the affected devices, and the hotspot user group is entirely independent and isolated from the device administrative user group in our design. By default, our firewall policy would block hotspot users from accessing the device's administrative interface. This means even if the vulnerability is exploited, the attacker will not be able to remotely access or change the administrative settings of the device.

What should you do?

After a thorough investigation, we've identified the vulnerable products, as listed in the table below. Hotfixes are now available for those devices, and we will include patches in their next regular firmware release. We urge users to install them for optimal protection.

Device affected Hotfix availability Standard availability
UAG2100 N/A
UAG4100 N/A
UAG5100 N/A
USG110 ZLD4.35 in Oct. 2019
USG210 ZLD4.35 in Oct. 2019
USG310 ZLD4.35 in Oct. 2019
USG1100 ZLD4.35 in Oct. 2019
USG1900 ZLD4.35 in Oct. 2019
USG2200-VPN ZLD4.35 in Oct. 2019
ZyWALL 110 ZLD4.35 in Oct. 2019
ZyWALL 310 ZLD4.35 in Oct. 2019
ZyWALL 1100 ZLD4.35 in Oct. 2019
VPN100 SD-OS v10.02 patch 1 in Jun. 2019
VPN300 SD-OS v10.02 patch 1 in Jun. 2019

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact and we’ll get right back to you.


Revision history

2018-04-17: Initial release

2019-06-27: Added the security misconfiguration vulnerability details and updated the list of affected models