
Noting that around 10 of 1000 devices in the Netherlands run the affected firmware version, Teusink said the flaw's relative ease of exploitation makes it a critical vulnerability. NXC2500 and NXC5500 AP controllers running firmware V6.00 through V6.10 are also impacted. Zyxel said the hardcoded credentials were put in place to deliver automatic firmware updates to connected access points through FTP.
Vulnerable products include the ATP, USG, USG FLEX and VPN series of firewalls running firmware ZLD V4.60. The flaw is present in several Zyxel products, including the Zyxel Advanced Threat Protection (ATP) firewall, Unified Security Gateway (USG), USG Flex, and VPN on firmware version 4.60, as well as Zyxel AP controllers.

The hardcoded credential vulnerability consists of an undocumented user account complete with a plaintext password. According to Eye, the account grants admin privileges and works on both the SSH and web interface. Zyxel said in a security advisory that the account was designed to deliver automatic firmware updates to connected access points through FTP.

The security firm said more than 100,000 Zyxel devices have their web interface exposed to the Internet. Eye said an attacker could use the credentials to change firewall settings to block or allow certain traffic. VPN accounts could also be created to gain access to the network behind the device. When combined with other vulnerabilities like Zerologon, "this could be devastating to small and medium businesses."


What just happened? Researchers from cyber security specialist Eye recently uncovered a secret backdoor introduced in a recent firmware update for various Zyxel firewalls and AP controllers.
