Cybersecurity researchers at Eye Control have discovered that hackers are in a position to access over 1 lakh networking devices manufactured by Taiwan-based company Zyxel.
The backdoor account in vulnerable devices, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities, ZDNet reported.
Affected models include many of Zyxel’s top products from its line of business-grade devices, usually deployed across private enterprise and government networks. The report did not name the affected Zyxel networking products.
More than 1 lakh Zyxel firewalls, VPN gateways and access point controllers were reported to have been compromised by the hardcoded admin-level backdoor account.
Zyxel has issued a security patch for the hardcoded credential vulnerability in its firewalls and AP controllers, which was recently reported by researchers from Eye Control Netherlands.
Users are advised to install the applicable firmware updates for optimal protection, the company said in an update.
State-sponsored hackers and ransomware groups can abuse this backdoor account to access vulnerable devices.