A researcher from the Dutch security company EYE has discovered a critical security flaw in Zyxel’s firewall and VPN gateways that can be traced back to disclosed credentials.
Zyxel sells a number of popular firewall and VPN gateway devices. Niels Teusink, a researcher at EYE, discovered a major problem that leaves over 100,000 devices vulnerable.
“While researching (rooting) my Zyxel USG40, I was surprised to find a user account ‘zyfwp’ with a password hash in the latest firmware version (4.60 patch 0). The clear text password was visible in one of the system’s binary files. I was even more surprised that this account appeared to work on both the SSH and web interfaces.”
Teusink further emphasizes why this vulnerability is so dangerous.
“Because the zyfwp user has administrative rights, this is a serious security vulnerability. An attacker could completely compromise the confidentiality, integrity, and availability of the device. For example, someone could change the firewall settings to accommodate certain …”