• Welcome to the world's largest Chinese hacker forum

    Welcome to the world's largest Chinese hacker forum, our forum registration is open! You can now register for technical communication with us, this is a free and open to the world of the BBS, we founded the purpose for the study of network security, please don't release business of black/grey, or on the BBS posts, to seek help hacker if violations, we will permanently frozen your IP and account, thank you for your cooperation. Hacker attack and defense cracking or network Security

    business please click here: Creation Security  From CNHACKTEAM

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products


Recommended Posts

Zyxel Firewall, VPN Backdoor Account

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices.

The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in a wide-range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products.

EYE researcher Niels Teusink reported the vulnerability to Zyxel on November 29, following which the company released a firmware patch (ZLD V4.60 Patch1) on December 18.

According to the advisory published by Zyxel, the undocumented account ("zyfwp") comes with an unchangeable password ("PrOw!aN_fXp") that's not only stored in plaintext but could also be used by a malicious third-party to login to the SSH server or web interface with admin privileges.

Zyxel said the hardcoded credentials were put in place to deliver automatic firmware updates to connected access points through FTP.

Noting that around 10% of 1000 devices in the Netherlands run the affected firmware version, Teusink said the flaw's relative ease of exploitation makes it a critical vulnerability.

"As the 'zyfwp' user has admin privileges, this is a serious vulnerability," Teusink said in a write-up. "An attacker could completely compromise the confidentiality, integrity and availability of the device."

"Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses."

patch.jpg

The Taiwanese company is also expected to address the issue in its access point (AP) controllers with a V6.10 Patch1 that's set to be released in April 2021.

It's highly recommended that users install the necessary firmware updates to mitigate the risk associated with the flaw.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now