More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.


“The initial IPs scanning for this are all geo-locating back to Russia,” Ullrich told Threatpost. “But other than that, they are not specifically significant. Some of these IPs have been involved in similar internet-wide scans for vulnerabilities before, so they are likely part of some criminal’s infrastructure.”

Separately, researchers with GreyNoise said on Twitter on Monday that they observed a slew of “opportunistic exploitation of the newly discovered Zyxel USG SSH Backdoor and crawling of SOHO Routers.”

The vulnerability stems from Zyxel devices containing an undocumented account (called zyfwp) with an unchangeable password that can be found in cleartext in the firmware.
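As an added example that is not part of the Threatpost article or of this post, the following Python script covers two checks a practitioner would want after reading the above: auditing a firmware image or extracted filesystem for credential records that belong to undocumented accounts (the zyfwp account named in CVE-2020-29583, plus other names assumed here to make the scanner generic), and summarising SSH login attempts against such accounts from syslog-style log lines, which is the kind of opportunistic activity GreyNoise reported. The firmware bytes, the log lines, the account names other than zyfwp, the "username ... password ..." CLI syntax and the log format are all constructed assumptions; no real Zyxel secret appears here.

```python
import re
from collections import defaultdict

# Account names that should never exist on a production appliance.  "zyfwp" is
# the undocumented account named in the CVE-2020-29583 reporting; the other two
# are assumed names added only to make the scanner generic.
SUSPECT_ACCOUNTS = {"zyfwp", "backdoor", "support_admin"}

# /etc/passwd and /etc/shadow style records at the start of a line: name:field:...
PASSWD_RE = re.compile(rb"^(?P<user>[a-zA-Z0-9_\-]+):(?P<pw>[^:\n]*):", re.M)
# "username <name> password <secret>" style CLI config lines (assumed syntax)
CLI_RE = re.compile(rb"username\s+(?P<user>\S+)\s+password\s+(?P<pw>\S+)", re.I)


def find_hardcoded_accounts(firmware: bytes):
    """Return (offset, user, secret_kind) tuples for credential records found in
    a raw firmware image or an extracted filesystem blob.

    A record is reported when the account name is on the suspect list or when the
    secret field is stored in cleartext rather than hashed or locked."""
    findings = []
    for m in PASSWD_RE.finditer(firmware):
        user = m.group("user").decode()
        pw = m.group("pw")
        if pw in (b"x", b"*", b"!", b""):
            kind = "locked-or-shadowed"   # password lives elsewhere or login is disabled
        elif pw.startswith(b"$"):
            kind = "hashed"               # crypt(3)-style hash
        else:
            kind = "cleartext"
        if user in SUSPECT_ACCOUNTS or kind == "cleartext":
            findings.append((m.start(), user, kind))
    for m in CLI_RE.finditer(firmware):
        # Any credential embedded in CLI config text is by definition cleartext.
        findings.append((m.start(), m.group("user").decode(), "cleartext"))
    return sorted(findings)


# Syslog-style sshd lines; assumed format, constructed for this example.
SSH_LOGIN_RE = re.compile(
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def flag_backdoor_logins(log_lines):
    """Summarise SSH login attempts against suspect accounts per source IP:
    {ip: {"failed": n, "accepted": n}}.  Any non-zero "accepted" count is an
    indicator of compromise, not just of scanning."""
    summary = defaultdict(lambda: {"failed": 0, "accepted": 0})
    for line in log_lines:
        m = SSH_LOGIN_RE.search(line)
        if not m or m.group("user") not in SUSPECT_ACCOUNTS:
            continue
        key = "accepted" if m.group("result") == "Accepted" else "failed"
        summary[m.group("ip")][key] += 1
    return dict(summary)


# Constructed firmware blob: a fake header, a passwd-style table and a CLI line.
# The secrets below are placeholders, not the real CVE-2020-29583 password.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16 + b"\n"
    b"root:x:0:0:root:/root:/bin/sh\n"
    b"admin:$1$CONSTRUCTED$abc123:0:0::/:/bin/sh\n"
    b"zyfwp:CONSTRUCTED_NOT_THE_REAL_SECRET:0:0::/:/bin/sh\n"
    b"nobody:*:65534:65534::/:/bin/false\n"
    b"\x00\x00"
    b"username zyfwp password CONSTRUCTED_CLI_SECRET user-type admin\n"
)

# Constructed log lines using documentation (TEST-NET) addresses.
SAMPLE_LOG = [
    "Jan  4 08:12:01 fw sshd[811]: Failed password for invalid user zyfwp from 203.0.113.7 port 51234 ssh2",
    "Jan  4 08:12:03 fw sshd[811]: Failed password for admin from 198.51.100.9 port 40001 ssh2",
    "Jan  4 08:12:05 fw sshd[812]: Accepted password for zyfwp from 203.0.113.7 port 51240 ssh2",
    "Jan  4 08:13:00 fw sshd[813]: Failed password for zyfwp from 192.0.2.44 port 2222 ssh2",
]

if __name__ == "__main__":
    for offset, user, kind in find_hardcoded_accounts(SAMPLE_FIRMWARE):
        print(f"offset 0x{offset:x}: account {user!r} stored as {kind}")
    for ip, counts in flag_backdoor_logins(SAMPLE_LOG).items():
        print(f"{ip}: {counts['failed']} failed, {counts['accepted']} accepted")
```

On a real device image, run the firmware check against the output of a filesystem extractor (binwalk or similar) rather than the compressed image, since compressed sections will hide the strings. The root and admin records in the sample are deliberately not reported: a hashed or shadowed password for a documented account is normal, whereas a cleartext secret or any record for an account the vendor never documented is what should be escalated.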

“From an attacker perspective, this would give cybercriminals the ability to adjust firewall rules, run malicious code on devices, or launch machine-in-the-middle attacks,” Ullrich told Threatpost.

Source: https://threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/

This post was published under Allgemein, History, Implants, Intelligence/Surveillance/Sabotage, IT Security/IT Forensic, Protection.
