Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

[SamM]

More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.


The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities.

read more... https://www.zdnet.com/google-amp/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/

 

[concord]

Not good for companies using them. I guess these are not very "diligent" in protecting, but very "cooperative" to hackers . Thought of using one a long time ago, but went with Cisco PIX firewall instead.

From wikipedia:
Zyxel’s Chinese name, 合勤, is pronounced “Her-Chin” (Héqín) and means “cooperative and diligent.”

 

[mikeynags]

Anyone who truly knows anything about setting up secure networks would know better than to expose those services to the Internet. The problem is all the other network admins that don't know better