"This Top VPN Has an Unfortunate Backdoor Security Flaw"

Researchers at the Dutch cybersecurity firm called Eye Control recently discovered a backdoor security flaw impacting about 100,000 Zyxel devices. Impacted Zyxel products include Advanced Threat Protection devices, VPN gateways, and the firm's NXC series of devices. The researchers found a secret backdoor account that can grant attackers root access to users of Zyxel's VPN services, in addition to firewalls and Access Point (AP) controllers managed by the company. This backdoor was introduced in a recent firmware update for different Zyxel firewalls and AP controllers. According to the researchers, the backdoor account uses a username and password visible as plain text in Zyxel system binaries running firmware ZLD V4.60. These credentials work on both the SSH and web interface access portal. This article continues to discuss the admin-level backdoor discovered in Zyxel security products.

TechRadar reports "This Top VPN Has an Unfortunate Backdoor Security Flaw"

Submitted by Anonymous on Mon, 01/04/2021 - 12:56