News Ars: Hackers are using unknown user accounts to target Zyxel firewalls and VPNs


Dan Goodin

Promotional image of router.

Network device maker Zyxel is warning customers of active and ongoing attacks that are targeting a range of the company’s firewalls and other types of security appliances.

In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices.

Continue reading on ArsTechnica


From the link in the first post:

Based on the vague details available so far, the vulnerability sounds reminiscent of CVE-2020-29583, which stemmed from an undocumented account with full administrative system rights that used the hardcoded password “PrOw!aN_fXp.” When Zyxel fixed the vulnerability in January, however, the account was listed as “zyfwp,” a name that doesn’t appear in the email Zyxel sent to customers this week.
