Hackers are actively exploiting this leading VPN, so patch now

(Image credit: Shutterstock / binarydesign)

Cybercriminals are now actively exploiting a major security vulnerability identified in products shipped by networking firm Zyxel, researchers have discovered.

According to Dutch company Eye Control, an admin-level backdoor account hardcoded into the company’s VPN hardware, as well as its firewalls and access point controllers, could grant attackers access to internal networks and provide a platform for further attacks.

“As the user has admin privileges, this is a serious vulnerability,” said Niels Teusink, a senior cybersecurity specialist at Eye Control. “An attacker could completely compromise the confidentiality, integrity and availability of the device.”

Check out our list of the best business VPN services around
We've built a list of the best proxy services right now
Here's our list of the best malware removal software on the market

Since the vulnerability came to light, security firm GreyNoise has identified three separate IP addresses scanning the web for devices using the SSH protocol (a vector for infiltrating the affected Zyxel hardware).

Once the attackers identified an SSH device, they attempted to log-in using the compromised backdoor account credentials.

Zyxel VPN security flaw

Researchers estimate that the vulnerability, which is as serious as they come, is present in circa 100,000 Zyxel devices. The affected products are as follows:

Advanced Threat Protection (ATP) series
Unified Security Gateway (USG) series
USG FLEX series
VPN series
NXC series

If compromised successfully, these devices could allow the attacker to block traffic or fiddle with firewall settings in preparation for a secondary attack.

“They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon, this could be devastating to small and medium businesses,” added Teusink.

Zyxel released a patch for the majority of affected devices last month, with the exception of the NXC series, but the knowledge that attackers are actively seeking to exploit the flaw now adds an additional element of urgency.

As such, all affected organizations are advised to install the relevant updates as soon as possible, to shield against potential attack.

Here's our list of the best antivirus services around

Via Bleeping Computer

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest

Former Pentagon UFO hunter Luis Elizondo will speak at the 2024 UFO hearings in Washington D.C. on November 13, 2024

How to watch UFO hearings: live stream 2024 UAP hearings with Lue Elizondo free online and from anywhere

See more latest ►

Zyxel VPN security flaw

Are you a pro? Subscribe to our newsletter

Most Popular