Backdoor account found in 100,000+ Zyxel Firewalls, VPN Gateways

Researchers at the Dutch security firm Eye Control discovered a hard-coded, admin-level backdoor account after a Zyxel firmware binary revealed its username and password.


Admin-Level Backdoor Discovered in Zyxel Firewalls


Security researchers at the Dutch cybersecurity firm Eye Control have identified a backdoor account in more than 100,000 Zyxel firewalls, access point controllers, and VPN gateways. The hard-coded, admin-level account lets an attacker obtain root access to the device through either the web administration panel or the SSH interface. Zyxel is a networking equipment manufacturer headquartered in Hsinchu, Taiwan.
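How a hard-coded account of this kind shows up when someone pulls apart a firmware image, as an added example (this is not Eye Control's tooling or Zyxel code): the script below extracts printable strings from an unpacked firmware image, the same heuristic the `strings` utility uses, and flags /etc/passwd- and /etc/shadow-style records that either define a second UID-0 account or ship a fixed password hash that every device in the fleet would share. The image bytes, the account name `svcadm` and the hash are constructed placeholders, not the Zyxel credentials.

```python
"""Scan an unpacked firmware image for hard-coded accounts.

Added example for this article; not Eye Control's tooling or Zyxel code.
It mimics the first pass a reviewer makes over a firmware binary: pull out
printable strings and look for passwd/shadow records that define an extra
UID-0 account or carry a fixed password hash. The sample bytes, the
account name and the hash below are constructed placeholders.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Tuple

# Runs of at least 6 printable ASCII bytes; a newline ends a run, so each
# passwd/shadow line becomes its own string.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# POSIX-style account name: lowercase letters, digits, underscore, hyphen.
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
# Password-field values that mean "no usable password stored here".
LOCKED = {"", "*", "!", "!!", "x"}


@dataclass
class Finding:
    offset: int    # byte offset of the record inside the image
    kind: str      # "extra-uid0" or "fixed-password"
    account: str
    admin: bool    # True when the account resolves to UID 0
    detail: str


def extract_strings(blob: bytes) -> Iterator[Tuple[int, str]]:
    """Yield (offset, text) for every printable run in the blob."""
    for m in PRINTABLE_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")


def parse_record(text: str) -> Optional[Tuple[str, List[str]]]:
    """Classify a string as a passwd record, a shadow record, or neither.

    passwd: name:pw:uid:gid:gecos:home:shell             (7 fields)
    shadow: name:hash:last:min:max:warn:inact:expire:rsv (9 fields)
    """
    f = text.split(":")
    if not NAME_RE.match(f[0]):
        return None
    if len(f) == 7 and f[2].isdigit() and f[3].isdigit():
        return "passwd", f
    if len(f) == 9 and all(x == "" or x.isdigit() for x in f[2:8]):
        return "shadow", f
    return None


def usable_hash(value: str) -> bool:
    """True when the password field carries a real hash, not a lock marker."""
    return value not in LOCKED and not value.startswith("!")


def scan_firmware(blob: bytes) -> List[Finding]:
    """Correlate passwd and shadow records found in the image and report
    root-equivalent accounts and baked-in password hashes."""
    uid_by_name: Dict[str, int] = {}
    hashes: Dict[str, str] = {}
    offsets: Dict[Tuple[str, str], int] = {}

    for offset, text in extract_strings(blob):
        rec = parse_record(text)
        if rec is None:
            continue
        kind, f = rec
        name = f[0]
        offsets.setdefault((kind, name), offset)
        if kind == "passwd":
            uid_by_name[name] = int(f[2])
        # A hash in passwd (world-readable) or in shadow is a fixed,
        # fleet-wide credential either way.
        if usable_hash(f[1]):
            hashes[name] = f[1]
            offsets.setdefault(("hash", name), offset)

    findings: List[Finding] = []
    for name, uid in sorted(uid_by_name.items()):
        if uid == 0 and name != "root":
            findings.append(Finding(offsets[("passwd", name)], "extra-uid0", name, True,
                                    "second UID-0 (root-equivalent) account"))
    for name, h in sorted(hashes.items()):
        admin = uid_by_name.get(name) == 0
        findings.append(Finding(offsets[("hash", name)], "fixed-password", name, admin,
                                "password hash baked into image: " + h[:12] + "..."))
    return findings


# Constructed sample: binary noise around passwd/shadow lines as they would
# appear in an unpacked root filesystem. Names and hash are placeholders.
SAMPLE_IMAGE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"usage: zysh [options]\n"
    + b"root:x:0:0:root:/root:/bin/sh\n"
    + b"daemon:x:1:1:daemon:/usr/sbin:/bin/false\n"
    + b"svcadm:x:0:0:support:/var/empty:/bin/sh\n"            # placeholder UID-0 account
    + b"\x00\xff\x10\x00"
    + b"root:*:18000:0:99999:7:::\n"                            # root login locked
    + b"daemon:*:18000:0:99999:7:::\n"
    + b"svcadm:$1$saltsalt$AbCdEfGhIjKlMnOpQrStUv:18000:0:99999:7:::\n"  # placeholder hash
    + b"\x00" * 16
)

if __name__ == "__main__":
    for fnd in scan_firmware(SAMPLE_IMAGE):
        print(f"0x{fnd.offset:08x} {fnd.kind:15} {fnd.account:10} admin={fnd.admin} {fnd.detail}")
```

The scan has to run over an unpacked root filesystem or an uncompressed section of the image; compressed filesystems hide these strings until they are extracted. A plaintext credential embedded in a binary, rather than a passwd/shadow record, needs a separate pattern and is not covered by this check.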


Easy-to-Exploit Vulnerability


The researchers call this a serious vulnerability and urge device owners to update their firmware immediately. Exploiting it takes nothing more than logging in with the built-in account, so anyone from DDoS botnet operators to ransomware groups and state-sponsored attackers can abuse it, and any device whose web administration panel or SSH interface is reachable from the internet is directly exposed.

Once logged in with administrative privileges, an attacker fully controls the device and can use it as a foothold into the internal network behind it to launch further attacks.




Researcher Niels Teusink states that this is a serious vulnerability because a threat actor can launch a range of attacks and ‘completely compromise the confidentiality, integrity, and availability of the device.’



“Someone could, for example, change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon, this could be devastating to small and medium businesses,” Teusink stated.