More than 100,000 Zyxel firewalls, VPN gateways, and AP controllers contained a hard-coded administrative backdoor account that, on occasion, could give cybercriminals root access to devices via SSH or a web admin panel.

The dangerous account was discovered by specialists from Eye Control, based in the Netherlands. They also recommended the owners of all affected devices to update them as soon as possible, since the vulnerability is really extremely unpleasant.

Attackers of all levels - from DDoS botnet operators to government cyber groups and ransomware creators - can use the detected backdoor account to infiltrate internal networks.

Among the vulnerable devices are popular enterprise-grade models from Zyxel. Typically, such devices are used in private organizations and government networks. Experts have identified the following product lines, the owners of which should be wary of the backdoor:

ATP series - used primarily as a firewall;

• USG-series - used as a hybrid of firewall and VPN gateway;
• USG FLEX series - also used as a firewall and VPN gateway;
• VPN series - used exclusively as a VPN gateway;
• NXC-series - used as a WLAN access point controller.