Hackers are exploiting a backdoor built into Zyxel devices. Are you patched?

reader comments

88 with 57 posters participating

Hackers are attempting to exploit a recently discovered backdoor built into multiple Zyxel device models that hundreds of thousands of individuals and businesses use as VPNs, firewalls, and wireless access points.

The backdoor comes in the form of an undocumented user account with full administrative rights that’s hardcoded into the device firmware, a researcher from Netherlands-based security firm Eye Control recently reported. The account, which uses the username zyfwp, can be accessed over either SSH or through a Web interface.

A serious vulnerability

The researcher warned that the account put users at considerable risk, particularly if it were used to exploit other vulnerabilities such as Zerologon, a critical Windows flaw that allows attackers to instantly become all-powerful network administrators.

“As the zyfwp user has admin privileges, this is a serious vulnerability,” Eye Control researcher Niels Teusink wrote. “An attacker could completely compromise the confidentiality, integrity and availability of the device. Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses.”

Andrew Morris, founder and CEO of security firm GreyNoise, said on Monday that his company’s sensors have detected automated attacks that are using the account credentials in an attempt to log in to vulnerable devices. In most or all of the login attempts, the attackers have simply added the credentials to existing lists of default username/password combinations used to hack into unsecured routers and other types of devices.

<aside class="ad_wrapper"

Continue reading – Article source