What's new

News Ars: Hackers are using unknown user accounts to target Zyxel firewalls and VPNs

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

Dan Goodin

Guest
Promotional image of roucter.



Network device maker Zyxel is warning customers of active and ongoing attacks that are targeting a range of the company’s firewalls and other types of security appliances.

In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices.

Continue reading on ArsTechnica
 
Last edited by a moderator:
they are then able to connect to previously unknown accounts hardwired into the devices.
If you firewall vendor has "unknown accounts hardwired", time to switch vendor, seriously...
 
From the link in the first post:

Based on the vague details available so far, the vulnerability sounds reminiscent of CVE-2020-29583, which stemmed from an undocumented account with full administrative system rights that used the hardcoded password “PrOw!aN_fXp.” When Zyxel fixed the vulnerability in January, however, the account was listed as “zyfwp,” a name that doesn’t appear in the email Zyxel sent to customers this week.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top