

Zyxel Warns Users of Attacks on Firewalls and VPN

Cyberattacks are on the increase, targeting all types of security devices.

Given the recent attacks on global corporations, it’s high time that service providers and security experts improved security measures. There’s a need to identify potential loopholes in security networks and seal them to beat hackers at their game. Zyxel security networks seem to be the latest target of cyberattacks.

According to security researchers, hackers seem to focus their efforts on scanning vulnerable Zyxel products. These include VPN gateways, firewalls, and access point controllers. Researchers first disclosed a vulnerability in the company’s firmware in December. They say that cybercriminals can exploit the vulnerability to install a hard-coded backdoor to give them administrative rights and privileges. According to the Dutch security firm, Eye Control, which discovered the flaw, the bug can affect 100,000 Zyxel products globally.

What Went Wrong

According to Zyxel, hackers designed unknown accounts to enable them to deliver automatic firmware updates. This would happen through FTP to connected access points. The plan was for wireless access points on the network to check for updates and call home to the local router. The company says that the entire framework sounds harmless, assuming that anything downloaded via FTP has a digital signature of its own. However, if the code was still in development, the account meant for updating access points got shipped in a framework designed for updates. This means that it was intended for development instead of release.

Besides, an account used for fetching firmware updates doesn’t require login rights or admin access. However, giving it those permissions may have been convenient during development and testing. In the end, hackers were able to ship into the field an active and easy-to-abuse admin-level account.

Response by Zyxel

After the experts disclosed the vulnerability, Zyxel issued a warning to its customers concerning the threat actor’s attempts to access devices through WAN. If they are successful, they will then bypass authentication and create SSL VPN tunnels with masked user accounts like “zyxel_vpn_test,” “zyxel_sllvpn,” or “zyxel_ts” to manipulate the configuration of affected devices.
