A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 up to and including 4.71, USG FLEX series firmware versions 4.50 up to and including 5.21, ATP series firmware versions 4.32 up to and including 5.21, and VPN series firmware versions 4.32 up to and including 5.21, that could allow an authenticated malicious user to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
zyxel vpn100_firmware |
||
zyxel vpn1000_firmware |
||
zyxel vpn300_firmware |
||
zyxel vpn50_firmware |
||
zyxel atp100_firmware |
||
zyxel atp100w_firmware |
||
zyxel atp200_firmware |
||
zyxel atp500_firmware |
||
zyxel atp700_firmware |
||
zyxel atp800_firmware |
||
zyxel usg_110_firmware |
||
zyxel usg_1100_firmware |
||
zyxel usg_1900_firmware |
||
zyxel usg_20w_firmware |
||
zyxel usg_20w-vpn_firmware |
||
zyxel usg_2200-vpn_firmware |
||
zyxel usg_310_firmware |
||
zyxel usg_40_firmware |
||
zyxel usg_40w_firmware |
||
zyxel usg_60_firmware |
||
zyxel usg_60w_firmware |
||
zyxel usg_flex_100_firmware |
||
zyxel usg_flex_100w_firmware |
||
zyxel usg_flex_200_firmware |
||
zyxel usg_flex_500_firmware |
||
zyxel usg_flex_700_firmware |
||
zyxel usg200_firmware |
||
zyxel usg20_firmware |
||
zyxel usg210_firmware |
||
zyxel usg2200_firmware |
||
zyxel usg300_firmware |
||
zyxel usg310_firmware |
Vulmon