When you have some Zyxel in your network, it’s time to update of firmware

Currently reading
When you have some Zyxel in your network, it’s time to update of firmware

jeyare

jeyare

Subscriber
1,767
581
threatpost.com

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.
threatpost.com threatpost.com
Click to expand...

Zyxel devices (Gateways, Firewalls, VPN modules,...), specially in SOHO or SME segment devices, have serious problem based on:
The vulnerability stems from Zyxel devices containing an undocumented account (called zyfwp) that has an unchangeable password – which can be found in cleartext in the firmware
Click to expand...
and what is even worse:
As the zyfwp user has admin privileges, this is a serious vulnerability. An attacker could completely compromise the confidentiality, integrity and availability of the device.
Click to expand...
at the source side you can find the firmware hardcoded password for the admin user.

here is complete research report :
www.eyecontrol.nl

Undocumented user account in Zyxel products (CVE-2020-29583)

Niels Teusink, Senior Cyber Security Specialist at EYE, explains how he found an undocumented user account in Zyxel security appliances.
www.eyecontrol.nl www.eyecontrol.nl
Click to expand...
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Top