Own a Zyxel firewall or VPN product? Patch it now! The Hacker News reported that EYE researcher Niels Teusink found the vulnerability in Zyxel products back in November. Zyxel released a firmware patch on December 18. Apparently, there was an undocumented, hardcoded administrative account found in firmware version 4.60. “Zyxel said the hardcoded credentials were put in place to deliver automatic firmware updates to connected access points through FTP.” Really? Who thought that was a good idea?

If you are using a Zyxel AP controller, it is expected that a patch won’t be available until April 2021. Time to shut that sucker down and find an alternative until a fix is available.

Email: jsimek@senseient.com Phone: 703.359.0700

Digital Forensics/Cybersecurity/Information Technology

https://www.linkedin.com/in/johnsimek

https://amazon.com/author/johnsimek

https://senseient.com