Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

SamM

Pulling my weight
Joined
Mar 29, 2020
Messages
245
Reaction score
109
Location
SA
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.


The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities.

read more... https://www.zdnet.com/google-amp/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
 

concord

Getting comfortable
Joined
Oct 24, 2017
Messages
663
Reaction score
739
Not good for companies using them. I guess these are not very "diligent" in protecting, but very "cooperative" to hackers :oops:. Thought of using one a long time ago, but went with Cisco PIX firewall instead.

From wikipedia:
Zyxel’s Chinese name, 合勤, is pronounced “Her-Chin” (Héqín) and means “cooperative and diligent.
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
Anyone who truly knows anything about setting up secure networks would know better than to expose those services to the Internet. The problem is all the other network admins that don't know better :)
 
Top