A critical security vulnerability discovered by a Dutch security specialist at EYE enables hackers to completely compromise the confidentiality, integrity and availability of more than 100,000 Zyxel firewalls, VPN gateways and access point controllers.
Speckled by ZDNetThe underreported vulnerability was caused by a disclosed username and password with administrative privileges. This is essentially a hard-coded back door to the devices. Through the back door, hackers can gain root access or complete control of the devices through the SSH and web administration interface panels. Affected firewalls running ZLD V4.60 firmware include the ATP series, USG series, USG FLEX series, and VPN series. The NXC2500 and NXC5500 AP controllers have also been compromised.
A full list of the affected devices and their patches is available Here.
Niels Teusink, the senior cybersecurity specialist at EYE, who is responsible for the exposed …