SpinSafe

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

January 2, 2021/in Internet Security /by SecureTech



More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.

The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities.

Device owners are advised to update systems as soon as time permits.

Security experts warn that anyone ranging from DDoS botnet operators to state-sponsored hacking groups and ransomware gangs could abuse this backdoor account to access vulnerable devices and pivot to internal networks for additional attacks.

Affected models include many enterprise-grade devices

Affected models include many of Zyxel’s top products from its line of business-grade devices, usually deployed across private enterprise and government networks.

This includes Zyxel product lines such as:

  • the Advanced Threat Protection (ATP) series – used primarily as a firewall
  • the Unified Security Gateway (USG) series – used as a hybrid firewall and VPN gateway
  • the USG FLEX series – used as a hybrid firewall and VPN gateway
  • the VPN series – used as a VPN gateway
  • the NXC series – used as a WLAN access point controller

Many of these devices are used at the edge of a company’s network and, once compromised, allow attackers to pivot and launch further attacks against internal hosts.

Patches are currently available only for the ATP, USG, USG FLEX, and VPN series. Patches for the NXC series are expected in April 2021, according to a Zyxel security advisory.


Backdoor account was easy to discover

Installing patches removes the backdoor account, which, according to Eye Control researchers, uses the “zyfwp” username and the “PrOw!aN_fXp” password.

“The plaintext password was visible in one of the binaries on the system,” the Dutch researchers said in a report published before the Christmas 2020 holiday.

Researchers said the account had root access to the…
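For defenders reviewing SSH logs from these devices, the following added example (not from the article, Eye Control, or Zyxel) searches for logins by the "zyfwp" username and separates accepted sessions from rejected ones. It assumes log lines in the standard OpenSSH sshd syslog format as collected on a syslog server; the sample lines, hostnames and the function names `find_backdoor_logins` and `triage` are constructed for illustration, and a device's native log format may need a different pattern.

```python
import re
from collections import defaultdict

BACKDOOR_USER = "zyfwp"  # username reported in the article

# OpenSSH sshd message shapes (assumed log format; adjust for your collector).
SSHD_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Constructed sample lines using documentation IP ranges, not real device output.
SAMPLE_LOG = """\
Jan  2 10:01:12 fw1 sshd[811]: Failed password for admin from 198.51.100.7 port 40122 ssh2
Jan  2 10:03:40 fw1 sshd[815]: Accepted password for zyfwp from 203.0.113.45 port 51514 ssh2
Jan  2 10:04:02 fw2 sshd[402]: Failed password for invalid user zyfwp from 203.0.113.45 port 51620 ssh2
Jan  2 10:09:27 fw1 sshd[830]: Accepted password for zyfwp from 192.0.2.19 port 33810 ssh2
Jan  2 10:11:55 fw2 sshd[410]: Accepted publickey for netops from 10.0.0.5 port 60222 ssh2
"""

def find_backdoor_logins(log_text, user=BACKDOOR_USER):
    """Return {host: {"accepted": [src, ...], "rejected": [src, ...]}} for `user`."""
    hits = defaultdict(lambda: {"accepted": [], "rejected": []})
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m or m.group("user") != user:
            continue
        # Syslog header is "Mon DD HH:MM:SS host proc[pid]:", so host is field 4.
        host = line.split()[3]
        bucket = "accepted" if m.group("result") == "Accepted" else "rejected"
        hits[host][bucket].append(m.group("src"))
    return dict(hits)

def triage(hits):
    """Hosts with an accepted login still have the account: investigate and patch."""
    return sorted(h for h, v in hits.items() if v["accepted"])

if __name__ == "__main__":
    hits = find_backdoor_logins(SAMPLE_LOG)
    for host, v in sorted(hits.items()):
        print(host, "accepted from", v["accepted"], "rejected from", v["rejected"])
    print("investigate:", triage(hits))
```

Because installing the patch removes the account, sshd on a patched device would log later attempts as "invalid user", which is why rejected attempts are tracked separately from accepted sessions.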

Source…
