A backdoor account discovered (VPN) in more than 100,000 Zyxel firewalls has caused big security concerns in the technology community.
This was an administrator access backdoor, hardcorded into the system. It was able to grant full access to devices by proving a connection to a web admin panel and a SSH interface.
The VPN backdoor account was discovered in more than 100,000 Zyxel firewalls by a team of security researchers from the Netherlands, known as Eye Control.
It has been recommended that affected device owners immediately update their systems so that the backdoor account access issue can be patched.
Apparently, the VPN backdoor account discovered in more than 100,000 Zyxel firewalls was easy to discover.
Installing patches removes the backdoor account, which, consistent with Eye Control researchers, uses the “zyfwp” username and therefore the “PrOw!aN_fXp” password.
“The plaintext password was visible in one among the binaries on the system,” the Dutch researchers said during a report published before the Christmas 2020 holiday.
Researchers said the account had root access to the device because it had been getting used to putting in firmware updates to other interconnected Zyxel devices via FTP. Source: Backdoor account found in more than 100,000 Zyxel firewalls, VPN gateways
Examples of some of the major Zyxel devices impact by this security flaw have been identified:
the Advanced Threat Protection (ATP) series – used primarily as a firewall
the Unified Security Gateway (USG) series – used as a hybrid firewall and VPN gateway
the USG FLEX series – used as a hybrid firewall and VPN gateway
the VPN series – used as a VPN gateway
the NXC series – used as a WLAN access point controller
Source: Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
The severity of the admin access has been highlighted by Eye Research:
As the ‘zyfwp‘ user has admin privileges, this is a serious vulnerability,” Teusink said in a write-up. “An attacker could completely compromise the confidentiality, integrity and availability of the device.”
“Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses.” Source: Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
NEXT-STEP: Go Here For Our No.1 Trusted VPN Provider