Dutch cybersecurity researchers have discovered backdoor account in over 1 lakh networking devices manufactured by Taiwan-based company Zyxel, that can grant hackers access to those vulnerable devices and put data at risk.
The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities, ZDNet reported on Saturday.
“Affected models include many of Zyxel’s top products from its line of business-grade devices, usually deployed across private enterprise and government networks,” the report mentioned.
More than 1 lakh Zyxel firewalls, VPN gateways and access point controllers were reported to have been compromised by the hardcoded admin-level backdoor account.
Zyxel has issued a security patch “for the hardcoded credential vulnerability of firewalls and AP controllers recently reported by researchers from Eye Control Netherlands”.
Users are advised to install the applicable firmware updates for optimal protection, the company said in an update.
State-sponsored hackers and ransomware group can abuse this backdoor account to access vulnerable devices.
“Affected models include many of Zyxel’s top products from its line of business-grade devices, usually deployed across private enterprise and government networks,” the report mentioned on Friday.