Backdoor Account Found in Several Zyxel firewalls, VPN gateways

Backdoor Account Found in Several Zyxel

Zyxel has released a patch to fix a critical vulnerability concerning a hardcoded, undocumented secret account that could be abused by a hacker to login with administrative privileges and compromise the networking devices.

The flaw tracked as CVE-2020-29583, affects version 4.60 present in several Zyxel devices, including USG FLEX, ATP, and VPN firewall products.

The backdoor account, discovered by Dutch security researchers from Eye Control, is considered to be extremely dangerous in terms of vulnerabilities. Users are advised to update their systems at the earliest.

To Read More:  TheHackerNews