WebProNews

Tag: Zyxel

  • Exposed Credentials Leave 100,000+ Zyxel Firewalls and VPNs Vulnerable

    A researcher at Dutch security firm EYE has discovered a critical vulnerability in Zyxel’s firewall and VPN gateways, as a result of exposed credentials.

    Zyxel sells a line of popular firewall and VPN gateway devices. Niels Teusink, a researcher with EYE, discovered a major issue that leaves over 100,000 devices vulnerable.

    “When doing some research (rooting) on my Zyxel USG40, I was surprised to find a user account ‘zyfwp’ with a password hash in the latest firmware version (4.60 patch 0). The plaintext password was visible in one of the binaries on the system. I was even more surprised that this account seemed to work on both the SSH and web interface.”

    Teusink goes on to highlight why this vulnerability is so dangerous.

    “As the zyfwp user has admin privileges, this is a serious vulnerability. An attacker could completely compromise the confidentiality, integrity and availability of the device. Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses.”

    Teusink recommends updating to the latest firmware version immediately.

  • Modified Malware Hijacking WiFi Routers, Killing Competing Malware

    Another day, another malware attack. ZDNet is reporting that a modified version of Gafgyt is targeting WiFi routers in a rather aggressive fashion.

    The malware in question has a long history of targeting known vulnerabilities in popular home and small-office routers. Once compromised, the routers become part of a botnet for use in distributed denial of service (DDoS) attacks-for-hire. The latest version of the malware has been updated to target three wireless routers: the Huawei HG532, Realtek RTL81XX and the Zyxel P660HN-T1A.

    Because Gafgyt’s purpose is to build a botnet powerful enough to generate income through paid attacks, the malware’s creators have programmed it to seek and destroy competing malware on any devices it infects.

    Researchers at Palo Alto Networks have been studying the malware and provided ZDNet with more information about how it works.

    “The authors of this malware want to make sure their strain is the only one controlling a compromised device and maximizing the device’s resources when launching attacks,” said Asher Davila, security researcher at the Palo Alto Networks Unit 42 research division.

    “As a result, it is programmed to kill other botnet malware it finds, like JenX, on a given device so that it has the device’s full resources dedicated to its attack.”

    Because most of the vulnerable routers are relatively old—by technology standards—most trouble can be avoided by upgrading to a newer model or, at the very least, updating the router’s software.

    “In general, users can stay safe against botnets by getting in the habit of updating their routers, installing the latest patches and implementing strong, unguessable passwords,” Davila explained.

    “The more frequent the better, but perhaps for simplicity, consider timing router updates around daylight savings, so at least you’re updating twice a year.”