Niels Teusink, a researcher at Netherlands-based security firm Eye Control, found that hackers are attempting to exploit a backdoor built into several Zyxel device models used as VPNs, firewalls, and wireless access points by thousands of individuals and businesses.
This backdoor is an undocumented user account with full administrative rights that is hardcoded into the device’s firmware, which can be accessed over SSH or through a Web interface.
Said Teusink, "An attacker could completely compromise the confidentiality, integrity and availability of the device.”
A fix already is available for firewall models and will be available Jan. 8 for AP controllers.
From Ars Technica
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA