Just few weeks after “SolarWinds” massive hack attack based on source code modification, EYE a cybersecurity company based in Holland, found an “accidentally” open backdoor in some of Zyxel’s firewalls and AP controllers. The latest firmware contains the root user name and password for the SSH and web interface. Anyone who know the user name and password can take remote control of the system! It’s highly suggested to disable external SSH and Web management until firmware update. Based on ZDnet more than 100.000 devices are affected!

Below the links to

• EYE control original found the issue https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
• Zyxel’s security advisory contains the list of affected devices https://www.zyxel.com/support/CVE-2020-29583.shtml
• ZDnet’s article https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/