More than 100.000 Zyxel firewalls, VPN gateways and access point controllers contain an encrypted admin-level account backdoor code access.
The built-in account it can grant access to any attacker via SSH or through the web administration panel.
The backdoor account, discovered by a team of Dutch Eye Control security researchers, is considered very dangerous.
So all device owners are advised to update their systems immediately.
Security experts warn that any DDoS botnet, hacking groups and ransomware gangs can abuse this backdoor to access vulnerable devices and browse internal networks for additional attacks.
The models those affected include many of Zyxel's top-of-the-line products from the line of professional-grade devices typically found in private enterprise and government networks.
Be careful if you have the following Zyxel product lines:
- Advanced Threat Protection (ATP) series - firewall
- Unified Security Gateway (USG) series - hybrid firewall and VPN gateway
- USG FLEX series - hybrid firewal and VPN gateway
- VPN series - VPN gateway
- NXC series - WLAN access point controller
Updates are currently only available for the ATP, USG, USG Flex and VPN series. The NXC series is expected in April 2021, according with Zyxel.