Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Backdoor Found in Zyxel Products

January 4, 2021

Own a Zyxel firewall or VPN product? Patch it now! The Hacker News reported that EYE researcher Niels Teusink found the vulnerability in Zyxel products back in November. Zyxel released a firmware patch on December 18. Apparently, there was an undocumented, hardcoded administrative account found in firmware version 4.60. "Zyxel said the hardcoded credentials were put in place to deliver automatic firmware updates to connected access points through FTP." Really? Who thought that was a good idea?

If you are using a Zyxel AP controller, it is expected that a patch won't be available until April 2021. Time to shut that sucker down and find an alternative until a fix is available.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology