Connect with us

Hacker News Vulnerability

Zyxel, the Dangers of Hard-coding Credentials

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

Zyxel, the Dangers of Hard-coding Credentials

Published

3 years ago

on

Hard-coding Credentials

Zyxel, a major producer of network devices is once again in hot water because it once again implemented a taboo when it comes to developing hardware and software solutions. Zyxel has once again used a hardcoded credential backdoor on its major lines of network and firewall devices. Threat actors are now busy scanning networks for companies that use Zyxel devices affected by this backdoor issue (CVE-2020-29583). This backdoor was detected by Dutch security firm Eye Control after their research dumped the binaries of a latest update. The plain text account and password quickly stood out.

 

Zyxel has already committed this mistake in creating hardcoded backdoors on its consumer devices known as the 2016 backdoor incident (CVE-2016-10401), for the reason of automatically applying patches and updates. This latest issue which affects over 100,000 enterprise-grade firewalls, VPN gateways and access point controllers, allows anyone who can access these devices through SSH to gain administrative privileges. This time, they already have root privilege unlike the previous incident here they have to gain low-level access which they need to elevate.

 

Threat actors are apparently engaging in a cat-and-mouse game against threat intelligence vendors in order to appear as not taking advantage of the Zyxel backdoor. According to cybersecurity intelligence firm GreyNoise CEO Andrew Morris, cybercriminals are instead performing Cobalt Strike sweeps to detect IP addresses running SSH, wherein detected targets are then subjected to a Zyxel backdoor check. It would be unsurprising however that they would engage in scanning since the backdoor issue was revealed.

 

Zyxel has since issued an advisory telling users to update to their latest patches for all affected devices except for AP Controllers which will receive patches on April 2021, which may force users to seek alternatives. This issue is more damaging than the one in 2016 as this affects corporate users with even more sensitive data versus 2016’s home users.

Related Topics:
Continue Reading
1 Comment

1 Comment

  1. Pingback: Backdoors to the Home | My Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *