Security News > 2021 > January > Hackers Exploiting Recently Disclosed Zyxel Vulnerability

Hackers Exploiting Recently Disclosed Zyxel Vulnerability
2021-01-05 13:56

Security researchers have observed the first attempts to compromise Zyxel devices using a recently disclosed vulnerability related to the existence of hardcoded credentials.

The attacks, currently small in numbers, target CVE-2020-29583, a vulnerability affecting several Zyxel firewalls and WLAN controllers that was publicly disclosed at the end of December.

Discovered by EYE security researchers, the issue impacts Zyxel USG, ATP, VPN, ZyWALL, and USG FLEX devices and exists because the password for the undocumented user account zyfwp is stored in the firmware in plaintext.

Starting January 3, security researchers at GreyNoise, a company that collects and analyzes Internet-wide scan and attack data, observed the first attempts to exploit this so-called "Backdoor account" on Zyxel devices, and they say the attacks do not appear to be targeted in nature, but rather opportunistic.

"Yesterday we saw one device start opportunistically attempting to login to servers on the internet over SSH using the 'backdoor' username and password disclosed by Zyxel for CVE-2020-29583. Today, we saw two more, bringing us to a total of three devices," GreyNoise founder Andrew Morris told SecurityWeek via email.

While these are clear attempts to find and compromise vulnerable Zyxel devices that are exposed to the Internet, attribution is not as straightforward.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/VzoI0Fnkl0k/hackers-start-exploiting-recently-disclosed-zyxel-vulnerability

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-12-22 CVE-2020-29583 Insufficiently Protected Credentials vulnerability in Zyxel products
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.
network
low complexity
zyxel CWE-522
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200