Security issues for Zyxel

Print Friendly, PDF & Email

IT security breeches

A critical vulnerability was discovered in Zyxel products, which has the potential to affect many IT devices in Switzerland.

Zyxel, a Taiwanese company, manufactures networking hardware such as firewalls and Wi-Fi access points. The company’s products are popular in Switzerland, and are especially used by small and medium-sized companies, and by Internet providers such as Sunrise.

A lucky find?

A critical vulnerability was discovered by Niels Teusink, a researcher who works for EYE, a Dutch cyber security company. He then reported it to Zyxel on November 29 2020. This issue affected a range of company products, including USG, USG FLEX, ATP, VPN firewalls, and Wi-Fi controllers.

This has become a big problem for the company. As one commentator pointed out, “Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses.”

For users…

Some estimates believe that more than 100,000 devices were probably affected by this security flaw For example, researchers discovered that around 10 percent of Zyxel devices in the Netherlands were running compromised software. To fix the problem, Zyxel released a firmware patch on December 18 (ZLD V4.60 Patch1). Users should immediately update to this version. For the Wi-Fi controllers running versions from 6.00 to 6.10, the patch will only be released on 8 January this year.  (V6.10 Patch1).

The company was also suffered from another similar security issue in 2016, though this time, the security breech is far more widespread.

Further reading

New Rules for Big Tech in Europe by

Sources:

https://arstechnica.com/information-technology/2021/01/hackers-are-exploiting-a-backdoor-built-into-zyxel-devices-are-you-patched/

https://securityboulevard.com/2021/01/zyxel-hardcoded-backdoor-account-vulnerability/

https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/

https://thehackernews.com/2021/01/secret-backdoor-account-found-in.html

Image:

Arun Karunakaran Arun Karunakaran

Ingénieur en IT depuis plus de 8 ans dans diverses industries, j’ai travaillé dans les principaux domaines de l’infrastructure: réseaux, systèmes, télécommunications et sécurité. Je me suis également récemment orienté vers la gestion d’équipe et de projet informatique.

Being an IT Engineer in various industries for more than 8 years, I have worked in most of the infrastructure's fields: networks, systems, telecommunications and security. I have also recently leaned towards IT team and project management.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.