gasracomplete.blogg.se

Latest zyxel firmware

LATEST ZYXEL FIRMWARE PASSWORD

Ullrich told Threatpost that patching firewalls and gateways is always “tricky,” especially if the patching must be done remotely. And, another issue is that “due to the holidays, the initial announcement by Zyxel was also somewhat overlooked,” he noted. Security experts’ advice for potentially affected users? “Update now,” emphasized Ullrich. He said consumers or businesses using any kind of firewall, gateway or router, regardless of the vendor, should limit the administrative interface exposure. “Avoid exposing web-based admin interfaces,” said Ullrich. “Secure ssh access best you can (public keys…). In the case of a hidden admin account, these measures will likely not help, but see if you can disable password authentication.

LATEST ZYXEL FIRMWARE PATCH

(Image caption: Zyxel undocumented account (CVE-2020-29583) details.)

Affected Zyxel devices include its ATP firewall series, Unified Security Gateway (USG) series and VPN series, a patch for which became available in December 2020. Also affected is the NXC2500 and NXC 5500, which are two devices that are part of Zyxel’s lineup of wireless LAN controllers, which will not receive a patch until Jan. Teusink did not reveal the unchangeable password in his analysis – however, it didn’t take long for the hardcoded credentials to be distributed publicly on Twitter. “Zyxel devices do not expose their firmware version to unauthenticated users, so determining if a device is vulnerable is a bit more difficult.”

LATEST ZYXEL FIRMWARE UPDATE

The number of current devices open to attack cannot be specifically pinpointed; however, according to Teusink, globally more than 100,000 Zyxel devices have exposed their web interface to the internet. Furthermore, “in our experience, most users of these devices will not update the firmware very often,” said Teusink. “The only limit is the creativity of the attacker.” “This can easily be leveraged to compromise workstations protected by the firewall,” he said.

LATEST ZYXEL FIRMWARE CODE

The flaw, which had a CVSS Score of 7.8 out of 10 (making it high severity), could be exploited by attackers to log in with administrative privileges – and ultimately take over affected devices. From an attacker perspective, this would give cybercriminals the ability to adjust firewall rules, run malicious code on devices, or launch machine-in-the-middle attacks, Ullrich told Threatpost. The vulnerability stems from Zyxel devices containing an undocumented account (called zyfwp) that has an unchangeable password – which can be found in cleartext in the firmware, according to Niels Teusink at EYE, who discovered the flaw and published his analysis in tandem with Zyxel’s December advisory. Separately, researchers with GreyNoise said on Twitter, on Monday, they observed a slew of “opportunistic exploitation of the newly discovered Zyxel USG SSH Backdoor and crawling of SOHO Routers.” Some of these IPs have been involved in similar internet wide scans for vulnerabilities before so they are likely part of some criminal’s infrastructure.” (Image caption: Exploit attempts on a honeypot observed by SANS ISC.) “But other than that, they are not specifically significant.

latest zyxel firmware

Security experts are warning hackers are ramping up attempts to exploit a high-severity vulnerability that may still reside in over 100,000 Zyxel Communications products. Zyxel, a Taiwanese manufacturer of networking devices, on Dec. 23 warned of the flaw in its firmware (CVE-2020-29583) and released patches to address the issue. Zyxel devices are generally utilized by small businesses as firewalls and VPN gateways. Fast forward to this week, several security researchers have spotted “opportunistic exploitation” of Zyxel devices that have not yet received updates addressing the vulnerability. “Likely due to the holidays, and maybe because did not initially publish the actual password, widespread exploitation via ssh has not started until now,” said Johannes Ullrich, of the SANS Internet Storm Center (ISC), in a Wednesday analysis. “But we are seeing attempts to access our ssh honeypots via these default credentials.” Ullrich said the scans started on Monday afternoon stemming from one IP (185.153.196.230), and more scans from other IPs (5.8.16.167, 45.155.205.86) joined throughout this week. “The initial IPs scanning for this are all geo-locating back to Russia,” Ullrich told Threatpost.













