Home News Over 100,000 Zyxel Devices Vulnerable to Secret Backdoor

Over 100,000 Zyxel Devices Vulnerable to Secret Backdoor

More than 100,000 Zyxel firewalls, VPNs, APTs, and access point controllers are vulnerable to a secret backdoor caused by hardcoded flaw that could allow attackers to break into corporate networks

SHARE
Zyxel Devices Vulnerable to Secret Backdoor

Researchers from EYE discovered a hardcoded credential vulnerability in Zyxel’s firewalls, VPN gateways, and access point controllers that could allow attackers root access to devices through the SSH interface or the web administration panel. According to EYE’s security researcher Niels Teusink, over 100,000 Zyxel devices are potentially vulnerable to the flaw. DDoS botnet operators, state-sponsored hackers, or other cybercriminals could abuse this backdoor account to access vulnerable devices and break into internal networks.

Zyxel is a popular manufacturer of networking devices. Its Unified Security Gateway (USG) products are mostly used as a firewall or VPN gateway.

“When doing some research (rooting) on my Zyxel USG40, I was surprised to find a user account ‘zyfwp’ with a password hash in the latest firmware version (4.60 patch 0). The plaintext password was visible in one of the binaries on the system. I was even more surprised that this account seemed to work on both the SSH and web interface,” Teusink explained.

Affected Devices

The vulnerability, tracked as CVE-2020-29583 with CVSS score 7.8, affected several of Zyxel’s products that are deployed across private and government enterprise networks. These include:

  • ZyWALL (anti- virus, anti-spam, and intrusion detection services provider)
  • The Advanced Threat Protection (ATP) series (firewall protection service)
  • The Unified Security Gateway (USG) series (a hybrid firewall and VPN gateway)
  • The USG FLEX series (a hybrid firewall and VPN gateway)
  • The VPN series (VPN gateways)
  • The NXC series (a WLAN access point controller)

Patches Released!

Zyxel immediately released firmware patches to address the critical vulnerability. These include:

Firewall Patches

 

Affected product series

 

Patch available in
ATP series running firmware ZLD V4.60 ZLD V4.60 Patch1 in Dec. 2020
USG series running firmware ZLD V4.60 ZLD V4.60 Patch1 in Dec. 2020
USG FLEX series running firmware ZLD V4.60 ZLD V4.60 Patch1 in Dec. 2020
VPN series running firmware ZLD V4.60 ZLD V4.60 Patch1 in Dec. 2020

 

AP Controller Patches

NXC5500 running firmware V6.00 through V6.10 V6.10 Patch1 on Jan. 8, 2021
NXC2500 running firmware V6.00 through V6.10 V6.10 Patch1 on Jan. 8, 2021

Zyxel urged users and system administrators to immediately install the applicable updates for further protection and to avoid any security incidents in the future.