Serious vulnerability on Zyxel network equipment: 100 thousand devices at risk

Source: HW Upgrade, added 4th Jan 2021


Access with admin privileges makes it possible to take full control of the devices, with the risk of compromising the traffic passing through them. Corrective patches are already available for almost all affected devices.

by Andrea Bai, published at 12:41 in the Security channel

The security company EYE has identified a critical vulnerability in more than 100 thousand Zyxel firewalls, VPN gateways and access point controllers, which has the potential to completely compromise their integrity and consequently the confidentiality of the data passing through them. The vulnerability originates from the exposure of a username and password pair with administrator privileges, which in fact represents a “hard-coded” backdoor into all devices affected by the problem.

Zyxel vulnerability: it is a hard-coded backdoor

This situation allows hackers and malicious actors to obtain root access, and therefore complete control of the devices, both via SSH and via the web interface panel. The issue affects firewalls running ZLD V4.60 firmware and touches the ATP, USG, USG FLEX and VPN series. NXC 2500 and NXC AP controllers are also affected.

This is a vulnerability which could be particularly dangerous for small businesses when combined with others. Niels Teusink, the EYE researcher who analyzed the problem, commented: “An attacker could change the firewall settings to allow or block certain traffic. It would be possible to intercept the traffic and create VPN accounts to gain access to the network behind the device.” Zyxel supplies network devices to different types of customers, from individuals to businesses, and is particularly popular with small and medium-sized businesses. The exposed credentials are used to provide automatic firmware updates to devices connected via FTP.

EYE reported the vulnerability to Zyxel at the end of November, stating that the company responded immediately and proceeded to solve the problem. Zyxel publicly acknowledged the problem at the end of December by releasing patches for the affected devices, but not all of them: the corrective update for the access point controllers is in fact planned for the month of April.

Vulnerabilities of this type have become increasingly common in the recent past. VPN infrastructure is the most at risk, since, given the need to be active 24/7, it is less likely to always be updated promptly. The problem is amplified in the case of private users, who normally do not update the firmware of their devices, or do so infrequently.