Notre revue de presse de la semaine passée : Du 11 au 15 janvier 2021.
Security issues for Zyxel
A critical vulnerability was discovered in Zyxel products, which has the potential to affect many IT devices in Switzerland.
Zyxel, a Taiwanese company, manufactures networking hardware such as firewalls and Wi-Fi access points. The company’s products are popular in Switzerland, and are especially used by small and medium-sized companies, and by Internet providers such as Sunrise.
A lucky find?
A critical vulnerability was discovered by Niels Teusink, a researcher who works for EYE, a Dutch cyber security company. He then reported it to Zyxel on November 29 2020. This issue affected a range of company products, including USG, USG FLEX, ATP, VPN firewalls, and Wi-Fi controllers.
This has become a big problem for the company. As one commentator pointed out, “Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses.”
Some estimates believe that more than 100,000 devices were probably affected by this security flaw For example, researchers discovered that around 10 percent of Zyxel devices in the Netherlands were running compromised software. To fix the problem, Zyxel released a firmware patch on December 18 (ZLD V4.60 Patch1). Users should immediately update to this version. For the Wi-Fi controllers running versions from 6.00 to 6.10, the patch will only be released on 8 January this year. (V6.10 Patch1).
The company was also suffered from another similar security issue in 2016, though this time, the security breech is far more widespread.