Zyxel Firewall/VPN Products at Risk Due to Vulnerability
Table of Contents
- By Dawna M. Roberts
- Published: Jan 08, 2021
- Last Updated: Mar 18, 2022
Zyxel is a major player when it comes to network products. But The Hacker News reported on January 1 that a critical vulnerability had been discovered in its firmware putting users of its Firewall/VPN products at extreme risk.
Who is Zyxel?
Zyxel is a Taiwanese company with offices in North America, Europe, and Asia, and they make and distribute dozens of networking devices. They employ more than 1,500 staff members across 35 branch offices and use distributors in 70 countries. They work with various network equipment vendors, ISPs, and telecommunications companies. Although they have a network of distributors, the company also sells direct to consumers.
The Flaw
Zyxel just released a patch to fix a firmware issue that could allow a hacker to log onto the device with administrative privileges and take over completely controlling the network.
The flaw was identified as CVE-2020-29583 (CVSS score 7.8) and affects version 4.60. The issue involves a wide variety of Zyxel products, including USG FLEX, ATP, VPN firewall products, and Unified Security Gateway (USG).
The Dangers of This Backdoor
The Hacker News said that “According to the advisory published by Zyxel, the undocumented account (“zyfwp”) comes with an unchangeable password that’s not only stored in plaintext but could also be used by a malicious third-party to login to the SSH server or web interface with admin privileges.”
The hidden account (zyfwp) has admin privileges and an unchangeable password that is stored in plain text. According to The Hacker News, “Zyxel said the hardcoded credentials were put in place to deliver automatic firmware updates to connected access points through FTP.” However, this gaping hole could also easily let in hackers once they become aware of the flaw.
Niels Teusink, EYE researcher, reported the bug to Zyxel on November 29, and the company released a patch (ZLD V4.60 Patch1) on December 18. Teusink mentioned that 10% of the 1000 Zyxel devices in the Netherlands run that firmware version making this issue a critical one.
Teusink goes onto to explain, “Someone could, for example, change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon, this could be devastating to small and medium businesses.”
Zyxel will be releasing an additional patch for their account point (AP) controllers with a V6.10 Patch1 in April of this year.
What Should Users Do To Stay Safe?
As with any type of hardware or device, you should always keep it updated with the latest security patches and firmware updates. Other ideas to stay safe are:
- Install networking monitoring software to alert you if anything in your network environment changes.
- Set your firewall, router, or other network equipment with very strong passwords.
- Change the password often.
- Install and run frequently robust antivirus/anti-malware software on all your devices. If intruders do get into your network, the first thing they may do is try to install malicious software such as the Trojan virus to steal information for identity theft or fraud.
- Keep abreast of all equipment you use in your home or office network and check the manufacturer’s websites for notifications of flaws and firmware upgrades. Many of these devices do not update automatically; you have to initiate the process manually.
- Keep a close eye on all your networked devices and frequently check for anything suspicious or activity you don’t recognize. Most firewalls/routers have logs, and you can see who logged in (user) and when.
The best defense against any hacking incident is being aware and keeping a close eye on things.