Zyxel has warned customers of attacks on numerous firewalls and other devices. Whether the vulnerabilities are new, how many customers are affected, and in which regions they are located remain unknown, according to Ars Technica.
Customers must follow the company's guidance to keep their Zyxel devices secure. They are strongly advised to stay alert to phishing attacks, use two-factor authentication, patch their devices, and configure their appliances with the least privilege required.
Internet-connected devices can be targeted if attackers reach them and log in with previously undocumented accounts hardcoded into the devices. It is still unclear whether the attackers have successfully compromised targeted devices or are only attempting to do so.
The email, which was posted on Twitter, reads: “The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as ‘zyxel_silvpn,’ ‘zyxel_ts,’ or ‘zyxel_vpn_test,’ to manipulate the device’s configuration.”
Zyxel is working hard to investigate and resolve the situation
The company also assures users that it is aware of the situation and is actively investigating and working on a fix.
The flaw closely resembles CVE-2020-29583, a vulnerability caused by an undocumented account with full administrator privileges and the hardcoded password “PrOw!aN fXp”. However, when Zyxel patched that vulnerability in January, it referred to the account as “zyfwp,” a name that appears nowhere in the current email.
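As an added, illustrative example (not code from the article, from Zyxel, or from Ars Technica), the following Python script shows the kind of check a defender can run against SSL VPN login records after a warning like this one: flag any tunnel established by an account that the organisation never provisioned, and treat any activity at all by the account names quoted in the email (plus the older “zyfwp” account from CVE-2020-29583) as suspicious, whether or not the login succeeded. The log layout, the hostnames, the approved-user list, and every address are constructed for the example; Zyxel's real log format is not reproduced here, so the regular expression would need to be adapted to an actual export.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Account names quoted in the Zyxel email, plus the account from CVE-2020-29583.
# Any activity by these names is worth a finding, successful or not.
UNDOCUMENTED_ACCOUNTS = {"zyxel_silvpn", "zyxel_ts", "zyxel_vpn_test", "zyfwp"}

# Hypothetical allowlist of VPN users an organisation actually provisioned.
APPROVED_USERS = {"alice", "bob"}

# Constructed sample log lines in a generic syslog-style layout. This is NOT
# Zyxel's real log format; adapt LINE_RE to the real export before use.
SAMPLE_LOGS = [
    "2021-06-24T10:15:02Z fw01 sslvpn: user=alice src=203.0.113.5 iface=wan1 result=tunnel_up",
    "2021-06-24T10:16:40Z fw01 sslvpn: user=zyxel_silvpn src=198.51.100.77 iface=wan1 result=tunnel_up",
    "2021-06-24T10:17:01Z fw01 sslvpn: user=contractor7 src=198.51.100.9 iface=wan1 result=tunnel_up",
    "2021-06-24T10:18:13Z fw01 sslvpn: user=zyxel_ts src=198.51.100.77 iface=wan1 result=auth_failed",
    "this line is malformed and must be skipped",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sslvpn: user=(?P<user>\S+) "
    r"src=(?P<src>\S+) iface=(?P<iface>\S+) result=(?P<result>\S+)$"
)


@dataclass
class Event:
    ts: str
    host: str
    user: str
    src: str
    iface: str
    result: str


@dataclass
class Finding:
    ts: str
    user: str
    src: str
    severity: str
    reason: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(**m.groupdict())


def analyze(lines: Iterable[str], approved_users: set) -> List[Finding]:
    """Return findings in log order.

    - Any event by an undocumented account: high if a tunnel came up, medium otherwise.
    - A tunnel established by any user not on the allowlist: high.
    """
    findings: List[Finding] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed input is skipped, not treated as a finding
        tunnel_up = ev.result == "tunnel_up"
        if ev.user in UNDOCUMENTED_ACCOUNTS:
            findings.append(Finding(
                ev.ts, ev.user, ev.src,
                "high" if tunnel_up else "medium",
                "activity by undocumented hardcoded account",
            ))
        elif tunnel_up and ev.user not in approved_users:
            findings.append(Finding(
                ev.ts, ev.user, ev.src, "high",
                "SSL VPN tunnel by account not in approved user list",
            ))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS, APPROVED_USERS):
        print(f"{f.ts} {f.severity.upper():6} user={f.user} src={f.src} {f.reason}")
```

Run as-is it reports the three suspicious events in the constructed sample and ignores the legitimate login and the malformed line. The allowlist check matters as much as the name watchlist: a future firmware could ship a differently named undocumented account, and only comparing every successful tunnel against the accounts you actually created catches that.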
As cyber threats expand, firewalls, Virtual Private Networks, and other network security devices are being deployed more widely. Because these appliances sit at the network edge, any weakness in them is attractive to attackers: once such a device is breached, attackers can move into deeper sections of the network.