Own a Zyxel Device? Update it NOW.

Critical Threat Discovered

A hardcoded, admin-level backdoor vulnerability (CVE-2020-29583) has been found in over 100,000 Zyxel firewalls, VPN gateways, and access point controllers.  Discovered by Eye Control researchers, these backdoor accounts can allow bad actors to access your information either via the web administration panel or the SSH interface.

This flaw is so severe, in fact, that hardcoded credentials are cited as one of the worst types of vulnerabilities that software or applications can have, and it is IMPERATIVE that you update your devices ASAP, as it could easily be exploited by an opportunistic hacker or group.

This vulnerability was found in several of Zyxel’s best selling products, including:

  • Advanced Threat Protection (ATP) series (firewall)
  • Unified Security Gateway (USG) series (hybrid firewall/VPN gateway)
  • USG FLEX series (hybrid firewall/VPN gateway)
  • VPN series (VPN gateway)
  • NXC series (WLAN access point controller)

PATCHES ARE AVAILABLE FOR ALL PRODUCTS EXCEPT THE NXC SERIES, which is expected to be available in April.  So it’s time to go update your devices.
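If you manage more than a handful of devices, the product list above is easiest to act on as a script. The following is an added example written for this post, not code from Zyxel or Eye Control: it reads a device inventory (the inventory lines are constructed), maps each model to one of the five affected series named above, compares its firmware against the patched version the operator supplies from the vendor advisory (the version values here are placeholders, not Zyxel's real release numbers), and flags NXC devices, which have no patch yet, for management-interface restriction instead.

```python
"""Triage a Zyxel inventory against the CVE-2020-29583 affected product list.

Example code added to this post, not vendor code. Inventory rows are constructed
and the patched firmware versions are placeholders the operator must replace
with the values from Zyxel's advisory for each model.
"""
import csv
import io
import re

# Product series the post lists as affected; NXC had no patch at time of writing.
AFFECTED_SERIES = {
    "USG FLEX": "hybrid firewall/VPN gateway",
    "ATP": "Advanced Threat Protection firewall",
    "USG": "hybrid firewall/VPN gateway",
    "VPN": "VPN gateway",
    "NXC": "WLAN access point controller",
}
NO_PATCH_YET = {"NXC"}

# Constructed inventory; hostnames, models and firmware strings are made up.
INVENTORY = """hostname,model,firmware
fw-hq,USG FLEX 100,4.55.0
fw-branch,ATP200,4.99.0
wlan-ctl,NXC2500,6.10.0
other-switch,OTHER-24,2.60.0
"""

# Placeholder minimum patched version per series (NOT real Zyxel versions).
PLACEHOLDER_PATCHED = {s: "4.99.0" for s in AFFECTED_SERIES if s not in NO_PATCH_YET}


def series_of(model):
    """Map 'USG FLEX 100', 'ATP200', 'usg40' ... to its series, or None.

    Prefixes are tried longest first so 'USG FLEX' is not mistaken for 'USG'.
    """
    m = model.upper().strip()
    for prefix in AFFECTED_SERIES:  # dict order is longest-prefix-first above
        if m.startswith(prefix):
            return prefix
    return None


def parse_version(v):
    """Turn a dotted numeric version string into a comparable tuple of ints."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def triage(inventory_csv, patched_versions):
    """Return one dict per device with its series and the action to take.

    patched_versions maps a series name to the minimum firmware version that
    carries the fix; the operator supplies it from the vendor advisory.
    """
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        series = series_of(row["model"])
        if series is None:
            action = "not in affected list"
        elif series in NO_PATCH_YET or series not in patched_versions:
            # No fix yet: the backdoor is reachable via web admin and SSH, so
            # keep those interfaces off untrusted networks until a patch ships.
            action = "no patch available: restrict web admin and SSH to trusted management network"
        elif parse_version(row["firmware"]) >= parse_version(patched_versions[series]):
            action = "patched"
        else:
            action = f"UPDATE NOW to {patched_versions[series]} or later"
        results.append({**row, "series": series, "action": action})
    return results


if __name__ == "__main__":
    for r in triage(INVENTORY, PLACEHOLDER_PATCHED):
        print(f"{r['hostname']:<14}{r['model']:<14}{r['firmware']:<10}{r['action']}")
```

Run it as-is to see the four constructed devices classified; replace INVENTORY with an export from your asset system and PLACEHOLDER_PATCHED with the versions from Zyxel's advisory before trusting the "patched" verdict.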

Seriously.

Fix it now!  I’ll wait… and when you come back, we can discuss what exactly went awry.

Backdoor Anatomy

You know, it’s bad when a company experiences a breach but… It’s even worse when they fail to learn from their mistakes.

Back in 2016, CVE-2016-10401 was discovered. CVE-2016-10401 was a flaw in which their devices contained a secret backdoor mechanism that allowed any user to elevate any account to “root level” simply by using the super-user (SU) password “zyad5001.”

Shockingly easy, but CVE-2020-29583 is actually worse.

CVE-2016-10401 at least required hackers to first gain access to a low-privileged account on a Zyxel device (which they would then have to elevate to root); CVE-2020-29583, on the other hand, does not require attackers to meet any special conditions in order to take over the device… Meaning you don’t have to be a skilled hacker to exploit this vulnerability.

Additionally, the 2016 vulnerability only impacted personal, at-home routers; the 2020 vulnerability impacts a variety of devices, some of which are made for corporate settings, giving attackers a wider range of targets.

Conclusion

As we have mentioned on numerous occasions, one vital step in any cyber hygiene regimen is to UPDATE YOUR SOFTWARE ASAP.  It’s also one of the easiest steps to take.  If you would like to learn more about layering your cyber security to protect your home or business, feel free to download our FREE Remote Security Checklist.  While this guide is a good starting point, if you run a business, this will not fully protect you.  If you have additional questions, feel free to give us a call at 919-422-2607 or you can schedule a free consultation online.

And remember… Stay safe out there!