Security News > 2021 > January > Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
2021-01-04 09:12

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices.

The flaw, tracked as CVE-2020-29583, affects version 4.60 present in a wide-range of Zyxel devices, including Unified Security Gateway, USG FLEX, ATP, and VPN firewall products.

EYE researcher Niels Teusink reported the vulnerability to Zyxel on November 29, following which the company released a firmware patch on December 18.

According to the advisory published by Zyxel, the undocumented account comes with an unchangeable password that's not only stored in plaintext but could also be used by a malicious third-party to login to the SSH server or web interface with admin privileges.

Zyxel said the hardcoded credentials were put in place to deliver automatic firmware updates to connected access points through FTP. Noting that around 10% of 1000 devices in the Netherlands run the affected firmware version, Teusink said the flaw's relative ease of exploitation makes it a critical vulnerability.

"Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/_6qBL9bg0LE/secret-backdoor-account-found-in.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-12-22 CVE-2020-29583 Insufficiently Protected Credentials vulnerability in Zyxel products
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.
network
low complexity
zyxel CWE-522
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200