
ZyXEL USG40

ZyXEL USG40 Unified Security Gateway for small office.

Specifications

UTM: Yes
VPN: IPSec, SSL
Ports: 4x Gigabit + 1x WAN
Throughput: 900 Mbps

Potential Threats

Critical: 5
High: 2
Medium: 3
Low: 0

10 Known CVEs

5 critical vulnerabilities found — immediate patching required.
Low vulnerability count — keep firmware up to date.
Audit firewall rules and remove unused allow entries. Enable detailed logging. Restrict management access to trusted IPs only.

Default IP

192.168.1.1

Default admin panel address for ZyXEL USG40

Default Credentials — ZyXEL USG40

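| Username | Password | Access Type | Protocol | Port | Notes |
|----------|----------|-------------|----------|------|-------|
|          |          | web         | HTTP     | 80   |       |
|          |          | web         | HTTPS    | 443  |       |
|          |          | ssh         | SSH      | 22   |       |
|          |          | console     | console  |      |       |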

Known CVE Vulnerabilities (10)

CVE-2022-38547 2023

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series fi...

7.2
CVE-2022-40603 2022

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware vers...

4.7
CVE-2022-30526 2022

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firm...

7.8
CVE-2022-2030 2022

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Z...

6.5
CVE-2022-0342 2022

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware ver...

9.8
CVE-2021-35029 2021

An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG F...

9.8
CVE-2020-29583 2020

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can b...

9.8
CVE-2020-25014 2020

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows re...

9.8
CVE-2020-9054 2020

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, whic...

9.8
CVE-2019-9955 2019

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 11...

6.1

FAQ

What is the default password for ZyXEL USG40?

The most common default credentials for ZyXEL USG40 are listed in the table above. Always change these immediately after setup.

What is the default username for ZyXEL USG40?

The default username for ZyXEL USG40 is typically "admin". The full list of default credentials including username, password, access type and port is shown in the table on this page.

How do I change the password on ZyXEL USG40?

Log in to the admin panel using the default credentials listed above. Navigate to Administration → Password or System → Account settings. Enter the current password and set a new strong password. Save the changes.

How do I reset ZyXEL USG40 to factory defaults?

Locate the Reset button (usually a small pinhole on the back/bottom of the device). Hold it for 10-30 seconds while powered on until the LEDs flash. The device will reboot with default settings.

Is it safe to leave default credentials unchanged?

No. Default credentials are publicly known and frequently exploited by automated scanners. Change the admin password immediately after first login.

Does ZyXEL USG40 have known security vulnerabilities?

ZyXEL USG40 has 10 known CVE vulnerabilities documented in our database. The full list with severity ratings is shown on this page. Apply the latest firmware update from the manufacturer to address known issues.
