Taiwan Zyxel network products are under threat

A group of Dutch security researchers from Eye Control discovered a backdoor account in network products from the Taiwanese company Zyxel that puts the devices at risk.

More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain an encrypted admin-level account that attackers can use to access the device via the SSH interface or the web-based administration panel.

Device owners are advised to update their systems as soon as possible. Security experts warn that anyone from DDoS network operators to government-funded hacking organizations and ransomware gangs can misuse this encrypted account to access vulnerable websites, then move into the internal network to launch more attacks.

The affected models include many of Zyxel's best products from its line of commercial devices, which are commonly found in residential and government networks.

This includes Zyxel product lines such as:

    ATP Series - Mainly used as a firewall.
    USG Series - Used as a gateway to hybrid firewalls and virtual private networks.
    USG FLEX Series - Used as a gateway to hybrid firewalls and virtual private networks.
    VPN Series - Used as a gateway to a virtual private network.
    NXC Series - Used as an access point controller for wireless networks.

Many of these devices are in use on corporate networks. Once a device is attacked, attackers can use it to launch more attacks against internal hosts.

Zyxel said security patches are currently available only for the ATP, USG, USG FLEX and VPN series, while patches for the NXC series are expected to launch in April 2021.

According to Eye Control researchers, installing the patch removes the account, which uses the username (zyfwp) and the password (PrOw! AN_fXp).
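A defender can look for use of this username in SSH authentication logs collected from the devices. The following is an added example, not code from the researchers or from Zyxel; it assumes the logs reach a collector in standard OpenSSH syslog format, and the sample lines, host names and addresses are constructed.

```python
import re
from collections import defaultdict

BACKDOOR_USER = "zyfwp"  # username reported in the article

# Constructed sample lines in OpenSSH sshd syslog format (assumed log source).
SAMPLE_LOG = """\
Jan 14 09:12:01 gw1 sshd[2211]: Failed password for invalid user zyfwp from 203.0.113.7 port 50122 ssh2
Jan 14 09:12:09 gw1 sshd[2213]: Failed password for invalid user zyfwp from 203.0.113.7 port 50130 ssh2
Jan 14 09:14:44 gw2 sshd[877]: Accepted password for zyfwp from 198.51.100.23 port 41810 ssh2
Jan 14 09:15:02 gw2 sshd[901]: Accepted publickey for admin from 192.0.2.10 port 55012 ssh2
Jan 14 09:16:30 gw1 sshd[2290]: Failed password for root from 203.0.113.7 port 50200 ssh2
"""

# Matches OpenSSH "Accepted"/"Failed" authentication messages.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s(?P<method>\S+)\sfor\s(?:invalid user\s)?"
    r"(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

def find_backdoor_logins(log_text, user=BACKDOOR_USER):
    """Return {'compromised': [(host, src, ts)], 'probed': {host: {src: count}}}."""
    report = {"compromised": [], "probed": defaultdict(lambda: defaultdict(int))}
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m or m["user"] != user:
            continue
        if m["result"] == "Accepted":
            # A successful login means the account still exists and was used:
            # treat the device as compromised and unpatched.
            report["compromised"].append((m["host"], m["src"], m["ts"]))
        else:
            # Failed attempts show that a source is probing for the account.
            report["probed"][m["host"]][m["src"]] += 1
    return report

if __name__ == "__main__":
    result = find_backdoor_logins(SAMPLE_LOG)
    for host, src, ts in result["compromised"]:
        print(f"ALERT {host}: successful {BACKDOOR_USER} login from {src} at {ts}")
    for host, sources in result["probed"].items():
        for src, count in sources.items():
            print(f"probe {host}: {count} failed {BACKDOOR_USER} attempts from {src}")
```

Any entry under `compromised` calls for patching the device and reviewing its configuration and accounts; entries under `probed` identify sources worth blocking at the perimeter.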

The Dutch researcher said the backend account can access the root user of the device, as this account is used to install firmware updates for other Zyxel devices connected via FTP.

Attackers can now reach a variety of victims, most of them companies, as the vulnerable devices are mainly sold to companies to control who has remote access to the intranet.

Network hardware vulnerabilities are widely used to attack corporate and government networks, and the new backdoor in Zyxel products can expose new companies and government agencies to the same types of attacks seen during the past two years.
