Zyxel hard coded password vulnerability

  • Release Candidate 6
    Guest:
    We are at a “proposed final” true release candidate with nothing known remaining to be changed or fixed. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.

PHolder

Well-known member
Sep 16, 2020
1,225
1
529
Ontario, Canada
Hackers are attempting to exploit a recently discovered backdoor built into multiple Zyxel device models that hundreds of thousands of individuals and businesses use as VPNs, firewalls, and wireless access points.

The backdoor comes in the form of an undocumented user account with full administrative rights that’s hardcoded into the device firmware, a researcher from Netherlands-based security firm Eye Control recently reported. The account, which uses the username zyfwp, can be accessed over either SSH or through a Web interface.
 
Just threw away an old ISP DSL router that's been sitting around (unused) for years, literally two days ago. Reminds me, many years ago I had ran an NMap scan on it and it discovered a port that regardless of firewall or port-forward rules, could not be stealthed. Finally I just put the thing in bridge mode and stuck a personal router behind it... though I'm not even 100% sure that helped. That port IIRC was a remote administration port.