Hackers are attempting to exploit a recently discovered backdoor built into multiple Zyxel device models that hundreds of thousands of individuals and businesses use as VPNs, firewalls, and wireless access points.
The backdoor comes in the form of an undocumented user account with full administrative rights that’s hardcoded into the device firmware, a researcher from Netherlands-based security firm Eye Control recently reported. The account, which uses the username zyfwp, can be accessed over either SSH or through a Web interface.
A serious vulnerability
The researcher warned that the account put users at considerable risk, particularly if it were used to exploit other vulnerabilities such as Zerologon, a critical Windows flaw that allows attackers to instantly become all-powerful network administrators.