General Discussion > Information Technology & Cyber Security

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

(1/1)

adroth:
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries.

https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/

More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.

The technology world has spent so much of the past two decades focused on innovation that security has often been an afterthought. Learn how and why it is finally changing.

Read More

The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities.

Device owners are advised to update systems as soon as time permits.

Security experts warn that anyone ranging from DDoS botnet operators to state-sponsored hacking groups and ransomware gangs could abuse this backdoor account to access vulnerable devices and pivot to internal networks for additional attacks.

< Edited >

Navigation

[0] Message Index

Go to full version