By Chris Bonatti, Consultant, IECA of Casper, WY
For IECA’s full newsletter check out https://www.ieca.com/newsletter/2103-IECA_Cyber_Bulletin.pdf
Backdoor Found in Zyxel Products
If your enterprise relies on a Zyxel device for boundary protection, you’ll want to make sure you have the latest firmware patches… or perhaps find another device entirely. In the waning hours of 2020, an EYE Security researcher discovered an undocumented backdoor in the firmware of a wide swathe of Zyxel Unified Security Gateway (USG) products, including the Zyxel USG, ATP, VPN, ZyWALL and USG FLEX. A secret, undocumented root-level user account named “zyfwp” was hard-coded in the firmware (CVE-2020-29583).
More than 100,000 devices are believed to be impacted.
Zyxel has released updated firmware to correct the problem, which affects firmware v4.60 on most products (v6.10 for the NXC series). Firmware Patch 1 to both of these versions does the trick. Zyxel does offer automatic updates, but these are not enabled by default.