
News Ars: Hackers are using unknown user accounts to target Zyxel firewalls and VPNs

  • Thread starter: Dan Goodin

Dan Goodin




Network device maker Zyxel is warning customers of active and ongoing attacks that are targeting a range of the company’s firewalls and other types of security appliances.

In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices.

Continue reading on ArsTechnica
 
they are then able to connect to previously unknown accounts hardwired into the devices.
If your firewall vendor has "unknown accounts hardwired", time to switch vendor, seriously...
 
From the link in the first post:

Based on the vague details available so far, the vulnerability sounds reminiscent of CVE-2020-29583, which stemmed from an undocumented account with full administrative system rights that used the hardcoded password “PrOw!aN_fXp.” When Zyxel fixed the vulnerability in January, however, the account was listed as “zyfwp,” a name that doesn’t appear in the email Zyxel sent to customers this week.
 