More than 100.000 Zyxel firewalls, VPN gateways and access point controllers contain an administrator-level backdoor account with an encrypted password.
The built-in account it can grant access to any attacker via SSH or through the web administration panel.
Ο backdoor λογαριασμός, που ανακαλύφθηκε από μια ομάδα Ολλανδών ερευνητών ασφαλείας της Eye Control, is considered too dangerous.
So all device owners are advised to update their systems immediately.
Security experts warn that every botnet for DDoS, hacking groups and ransomware gangs can abuse this backdoor to access vulnerable devices and browse internal networks for additional attacks.
Be careful if you have the following Zyxel product lines:
- Advanced Threat Protection (ATP) series – firewall
- Unified Security Gateway (USG) series – hybrid firewall and VPN gateway
- USG FLEX series - hybrid firewal and VPN gateway
- VPN series - VPN gateway
- NXC series - WLAN access point controller
Updates are currently only available for the ATP, USG, USG Flex and VPN series. The NXC series is expected in April 2021, according with Zyxel.