The undocumented user account affects over 100,000 Zyxel firewalls and VPN gateways.
Dutch security researchers at Eye Control have found that more than 100,000 Zyxel networking devices are vulnerable to attack through an undocumented user account.
Zyxel, a Taiwan-based company, is a popular manufacturer of firewalls and markets its products primarily to small and medium businesses (SMEs). Such companies often use its Unified Security Gateway (USG) product line as a firewall or VPN gateway.
Eye Control notes that, as the pandemic has forced a boom in remote working, VPN-capable devices such as those Zyxel produces have been selling very well lately.
The Dutch security researchers who discovered the flaw say the backdoor account is a very critical vulnerability. Specifically, hackers could gain control of the vulnerable devices through either the web administration panel or the SSH interface.
Owners of the affected devices should update their devices as soon as possible to prevent any successful hacking attempt.
Vulnerability affects enterprise level products
Affected models include many of Zyxel’s top products from its line of business-grade devices, usually deployed across private enterprise and government networks. These include the Advanced Threat Protection (ATP), Unified Security Gateway (USG), and USG FLEX series. The vulnerability also affects the VPN and NXC series.
Many companies install these products at the edge of their corporate network. If hackers compromise these devices, they can then pivot and launch further attacks against internal hosts.
Patches are currently available only for the ATP, USG, USG FLEX, and VPN series. Zyxel expects to issue patches for the NXC series in April 2021, according to the company’s security advisory.