What just happened? Researchers from cybersecurity specialist Eye have discovered a secret backdoor that was recently introduced in a firmware update for various Zyxel firewalls and AP controllers. The hard-coded credentials vulnerability consists of an undocumented user account with a cleartext password.
According to Eye, the account grants administrator rights and works on both the SSH and the web interface.
Eye said an attacker could use the credentials to change the firewall settings to block or allow certain traffic. VPN accounts can also be created to gain access to the network behind the device. Combined with other vulnerabilities like Zerologon, this could be devastating for small and medium-sized businesses.
The security firm said more than 100,000 Zyxel devices exposed their web interface to the Internet.
Zyxel said in a security advisory that the account was designed to provide automatic firmware updates for connected access points …