Blog | G5 Cyber Security

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

Security experts are warning hackers are ramping up attempts to exploit a high-severity vulnerability that may still reside in over 100,000 Zyxel Communications products. The vulnerability stems from devices containing an undocumented account (called zyfWP) that has an unchangeable password which can be found in cleartext in the firmware. The hardcoded credentials were distributed publicly on Twitter by Niels Teusink at EYE, who discovered the flaw and published his analysis in tandem with the manufacturer’s December advisory. Affected devices include its ATP firewall series, Unified Security Gateway (USG) series and VPN.

Source: https://threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/

Exit mobile version