Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Backdoor Found in Zyxel Products
January 4, 2021
Own a Zyxel firewall or VPN product? Patch it now! The Hacker News reported that EYE researcher Niels Teusink found the vulnerability in Zyxel products back in November. Zyxel released a firmware patch on December 18. Apparently, there was an undocumented, hardcoded administrative account found in firmware version 4.60. "Zyxel said the hardcoded credentials were put in place to deliver automatic firmware updates to connected access points through FTP." Really? Who thought that was a good idea?
If you are using a Zyxel AP controller, a patch isn't expected to be available until April 2021. Time to shut that sucker down and find an alternative until a fix is available.