Researchers found secret backdoor account in several Zyxel Firewall, VPN Products


Researchers found secret backdoor account in several Zyxel Firewall, VPN Products: Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices.

 

The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in a wide-range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products.

 

According to the advisory published by Zyxel, the undocumented account ("zyfwp") comes with an unchangeable password ("PrOw!aN_fXp") that's not only stored in plaintext but could also be used by a malicious third-party to login to the SSH server or web interface with admin privileges.

 

Zyxel said the hardcoded credentials were put in place to deliver automatic firmware updates to connected access points through FTP.

 

Noting that around 10% of 1000 devices in the Netherlands run the affected firmware version, Teusink said the flaw's relative ease of exploitation makes it a critical vulnerability. 


Read More

Comments

Post a Comment

Popular posts from this blog

N Chandrasekaran appointed chairman of Tata Sons

Image
The board of directors of Tata Sons, at its meeting has unanimously appointed N Chandrasekaran as executive chairman, Tata Sons. N Chandrasekaran shall take charge from February 21, 2017. The board of Tata Sons said, “Chandrasekaran has demonstrated exemplary leadership as the chief executive officer and managing director, Tata Consultancy Services. We believe he will now inspire the entire Tata group to realise its potential acting as leaders in their respective businesses, always in keeping with our value system and ethics and adhering with the practices of the Tata group which have stood it in good stead.” Chandrasekaran was the chief executive officer and managing director of Tata Consultancy Services since 2009. A Tata lifer, he had joined the company in 1987 and was appointed as a director on the board of Tata Sons on October 25, 2016.
Read more

Visa buys NFT based CryptoPunk and paid $150,000 in Etherium

Image
Visa buys NFT based CryptoPunk and paid $150,000 in Etherium:  Leader in the digital payments   Visa   has purchased a digital CryptoPunk for $150,000, marking the company's first ever   NFT   purchase. The deal is clearly shows that, Visa is stepping into the world of NFTs with its purchase of   CryptoPunk 7610 .   Going forward, NFTs and Visa to align and integrate them in new brand strategy to gain a sizable market share. However, NFTs have often been compared to physical collectible items like rare trading cards and works of art.   The CryptoPunk 7610, which feBlatures a female punk with a mohawk and large green eyes. "We envision there could be a future where your crypto address becomes as important as your mailing address," Visa's Head of Crypto said.   An NFT - which stands for non-fungible token - is a unique digital asset designed to represent ownership of a virtual item. Unlike bitcoin and other cryptocurrencies, NFTs can’...
Read more

Prizm Payment Services changes its name to Hitachi Payment Services

Image
Hitachi Payment Services Pvt. Ltd has changed its corporate name from Prizm Payment Services Pvt. Ltd (“Prizm Payment Services”) to Hitachi Payment Services Pvt. Ltd (“Hitachi Payment Services”). “The new name reflects Hitachi’s commitment to business expansion in India, and to build a strong global financial payments offering leveraging the expertise of the Prizm Payment Services acquisition. Hitachi sees immediate potential to grow in the Asian subcontinent markets with the epicentre of growth being India, and migrate into other markets. Also, the name change will have no change on Prizm Payment Services’ operations,” said Loney Antony, Managing Director, Hitachi Payment Services. “Hitachi had acquired Prizm Payment Services with the aim of accelerating global development of IT services businesses targeting financial institutions, particularly in the fast-growing Asian region, and the company has been the gateway of entering into the services business in India for Hitachi. We ...
Read more