Hackers are actively exploiting this leading VPN, so patch now


Cybercriminals are now actively exploiting a major security vulnerability identified in products shipped by networking firm Zyxel, researchers have discovered.

According to Dutch company Eye Control, an admin-level backdoor account hardcoded into the company’s VPN hardware, as well as its firewalls and access point controllers, could grant attackers access to internal networks and provide a platform for further attacks.

“As the user has admin privileges, this is a serious vulnerability,” said Niels Teusink, a senior cybersecurity specialist at Eye Control. “An attacker could completely compromise the confidentiality, integrity and availability of the device.” 

Since the vulnerability came to light, security firm GreyNoise has identified three separate IP addresses scanning the web for devices using the SSH protocol (a vector for infiltrating the affected Zyxel hardware).

Once the attackers identified an SSH device, they attempted to log in using the compromised backdoor account credentials.
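The two-step pattern the article describes (scan for exposed SSH, then try to log in with an admin-level account that the device owner never created) leaves traces a defender can look for. The following is an added example, not code from the article, Eye Control, GreyNoise or Zyxel: it parses OpenSSH-style authentication log lines (an assumption, since the page does not show the Zyxel devices' own log format) and flags successful logins for accounts outside a known-administrator list, successful logins from outside the management network, and repeated failures from one source that look like scanning. The log lines, the `KNOWN_ADMINS` set, the `MGMT_NETS` list and all IP addresses are constructed for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in OpenSSH syslog style; they stand in for a
# device's SSH authentication log and are not real captures.
SAMPLE_LOG = """\
Jan  4 09:12:01 fw1 sshd[2101]: Accepted password for admin from 10.0.5.20 port 51022 ssh2
Jan  4 09:14:37 fw1 sshd[2140]: Failed password for root from 198.51.100.23 port 40122 ssh2
Jan  4 09:14:39 fw1 sshd[2140]: Failed password for root from 198.51.100.23 port 40122 ssh2
Jan  4 09:15:02 fw1 sshd[2155]: Accepted password for svc-update from 203.0.113.77 port 38811 ssh2
Jan  4 09:16:44 fw1 sshd[2170]: Accepted password for admin from 203.0.113.77 port 38815 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Assumed site-specific values: the administrator accounts you actually created,
# and the network from which management logins are expected to originate.
KNOWN_ADMINS = {"admin"}
MGMT_NETS = [ip_network("10.0.5.0/24")]


def parse(log_text):
    """Extract (result, user, ip) from each sshd authentication line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append({"result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def in_mgmt_net(ip):
    addr = ip_address(ip)
    return any(addr in net for net in MGMT_NETS)


def find_suspicious_logins(events):
    """Successful logins that use an unknown account or come from outside the
    management network. An unknown account with admin rights is exactly the
    kind of hardcoded credential the article describes."""
    alerts = []
    for e in events:
        if e["result"] != "Accepted":
            continue
        reasons = []
        if e["user"] not in KNOWN_ADMINS:
            reasons.append("account is not in the known-administrator list")
        if not in_mgmt_net(e["ip"]):
            reasons.append("source is outside the management network")
        if reasons:
            alerts.append((e["user"], e["ip"], reasons))
    return alerts


def scanning_sources(events, threshold=2):
    """Sources with at least `threshold` failed logins: candidate scanners."""
    failures = Counter(e["ip"] for e in events if e["result"] == "Failed")
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    for user, ip, reasons in find_suspicious_logins(evts):
        print(f"ALERT login {user}@{ip}: " + "; ".join(reasons))
    for ip, n in scanning_sources(evts).items():
        print(f"NOTICE {n} failed logins from {ip}")
```

Even before patching, a check like this against exported logs tells an organisation whether a device with an internet-reachable SSH service has already been logged into from somewhere it should not have been; the known-administrator list is the important part, because a backdoor account will by definition not be on it.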

Zyxel VPN security flaw

Researchers estimate that the vulnerability, which is as serious as they come, is present in circa 100,000 Zyxel devices. The affected products are as follows:

  • Advanced Threat Protection (ATP) series
  • Unified Security Gateway (USG) series
  • USG FLEX series
  • VPN series
  • NXC series

If compromised successfully, these devices could allow the attacker to block traffic or fiddle with firewall settings in preparation for a secondary attack.

“They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon, this could be devastating to small and medium businesses,” added Teusink.

Zyxel released a patch for the majority of affected devices last month, with the exception of the NXC series, but the knowledge that attackers are actively seeking to exploit the flaw now adds an additional element of urgency.

As such, all affected organizations are advised to install the relevant updates as soon as possible, to shield against potential attack.

Via Bleeping Computer

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
