Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways | ZDNet

More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.


The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities.


Device owners are advised to update systems as soon as time permits.

Security experts warn that anyone ranging from DDoS botnet operators to state-sponsored hacking groups and ransomware gangs could abuse this backdoor account to access vulnerable devices and pivot to internal networks for additional attacks.
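Because the account is hardcoded rather than created by the device owner, one practical check is to audit successful management logins against the accounts the operator actually provisioned, and against the networks from which administration is expected. The script below is an added example, not code from the ZDNet article or from Zyxel; the syslog-style line format, the field names, the allowlisted accounts and the management networks are all constructed assumptions for illustration, not Zyxel's real log format.

```python
"""Flag firewall management logins that do not match operator-provisioned accounts.

Added example (not from the article or the vendor). The log line shape below is a
constructed, syslog-like stand-in; it is NOT the real Zyxel log format. The account
allowlist and management networks are assumptions for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Accounts the operator actually created on the device (assumed).
KNOWN_ADMIN_ACCOUNTS = {"admin", "netops"}

# Networks from which management logins are expected (assumed).
MANAGEMENT_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed line shape:
#   <ts> <host> login: user=<u> service=<ssh|https> src=<ip> result=<ok|fail>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) login: user=(?P<user>\S+) "
    r"service=(?P<service>ssh|https) src=(?P<src>\S+) result=(?P<result>ok|fail)$"
)


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    service: str
    src: str
    reasons: tuple


def parse_line(line):
    """Return the parsed fields of one constructed log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def from_management_network(src):
    """True if src is an IP address inside one of the expected management networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in MANAGEMENT_NETWORKS)


def audit(lines):
    """Return one Finding per successful login that uses an undocumented account
    or arrives from outside the management networks. Failed logins are ignored,
    since a hardcoded credential succeeds on the first attempt."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["result"] != "ok":
            continue
        reasons = []
        if rec["user"] not in KNOWN_ADMIN_ACCOUNTS:
            reasons.append("undocumented account")
        if not from_management_network(rec["src"]):
            reasons.append("source outside management networks")
        if reasons:
            findings.append(Finding(rec["ts"], rec["host"], rec["user"],
                                    rec["service"], rec["src"], tuple(reasons)))
    return findings


# Constructed sample log (not real device output).
SAMPLE_LOG = [
    "2021-01-04T08:00:01Z fw-edge login: user=admin service=ssh src=10.1.2.3 result=ok",
    "2021-01-04T08:05:42Z fw-edge login: user=admin service=https src=203.0.113.7 result=ok",
    "2021-01-04T08:06:10Z fw-edge login: user=svc-maint service=ssh src=198.51.100.9 result=fail",
    "2021-01-04T08:06:12Z fw-edge login: user=svc-maint service=ssh src=198.51.100.9 result=ok",
    "this line is not a login record",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.ts} {f.host} {f.service} user={f.user} src={f.src}: {', '.join(f.reasons)}")
```

Run as-is it reports the web-panel login from a public address and the SSH login by an account the operator never created; the failed attempt and the malformed line are skipped. Against real devices the same logic applies, but the parser and allowlist must be adapted to the product's actual log format and to the accounts configured on each unit.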

Affected models include many enterprise-grade devices
Affected models include many of Zyxel's top products from its line of business-grade devices, usually deployed across private enterprise and government networks.

This includes Zyxel product lines such as:

the Advanced Threat Protection (ATP) series - used primarily as a firewall
the Unified Security Gateway (USG) series - used as a hybrid firewall and VPN gateway
the USG FLEX series - used as a hybrid firewall and VPN gateway
the VPN series - used as a VPN gateway
the NXC series - used as a WLAN access point controller
Many of these devices are used at the edge of a company's network and, once compromised, allow attackers to pivot and launch further attacks against internal hosts.

Patches are currently available only for the ATP, USG, USG Flex, and VPN series. Patches for the NXC series are expected in April 2021, according to a Zyxel security advisory.