When you have some Zyxel in your network, it’s time to update the firmware


Zyxel devices (gateways, firewalls, VPN modules, ...), especially devices in the SOHO or SME segment, have a serious problem, based on:

"The vulnerability stems from Zyxel devices containing an undocumented account (called zyfwp) that has an unchangeable password – which can be found in cleartext in the firmware"

And what is even worse:

"As the zyfwp user has admin privileges, this is a serious vulnerability. An attacker could completely compromise the confidentiality, integrity and availability of the device."

At the source you can find the hardcoded firmware password for the admin user.

Here is the complete research report:
 
