Security researchers at the Dutch security company Eye Control have discovered a backdoor account in the firmware of multiple Zyxel enterprise networking devices. Affected products include:
- Advanced Threat Protection (ATP) series
- Unified Security Gateway (USG) series
- USG FLEX series
- VPN series
- NXC series
The username and password for this account, which grants access over SSH and the web administration interface, have been published, so the flaw will likely be abused by many threat actors, including those with low skill levels. Because these devices sit at the edge of the network, a backdoor account can have devastating consequences: an attacker can alter the firewall or VPN configuration, or use the device as a foothold to pivot to hosts inside the network. If, for example, an attacker uses this access to reach a corporate network whose domain controllers are still vulnerable to ZeroLogon, the result can be a complete domain takeover. Patches are currently available for all of the devices listed above except the NXC series, which is expected to receive a patch in April. Until a device is patched, the usual mitigation applies: do not expose its SSH or web management interface to the internet, and review its login logs for accounts and source addresses you do not recognise.
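One practical check for the pivot scenario above is to go through the device's login logs and flag every successful administrative login that either uses an account you do not operate or comes from outside your management network. The script below is an added example written for this page; it is not code from the article, from Eye Control or from Zyxel. The syslog-style line format, the account allowlist, the management subnet and the sample log lines are all constructed for illustration, so adapt the regular expression to the format your firmware version actually emits.

```python
"""Flag unexpected administrative logins on an edge device from syslog-style lines.

Added example, not part of the original article or of Zyxel's firmware.
The log line format, allowlist and sample data are constructed for
illustration; the regex must be adapted to the real syslog format.
"""
import ipaddress
import re
from dataclasses import dataclass

# Accounts your organisation actually uses to administer the device (assumed).
# Any other account that logs in successfully deserves an immediate look,
# whether it is a vendor backdoor or an account an attacker created afterwards.
KNOWN_ADMIN_ACCOUNTS = {"admin", "netops"}

# Networks from which interactive administration is expected (assumed).
MANAGEMENT_NETS = [ipaddress.ip_network("10.0.100.0/24")]

# Constructed line format:
#   "<timestamp> <host> <service>: <result> login user=<name> from=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<service>ssh|web): "
    r"(?P<result>successful|failed) login user=(?P<user>\S+) from=(?P<src>\S+)$"
)


@dataclass
class Finding:
    ts: str
    host: str
    service: str
    user: str
    src: str
    reason: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def check_login(rec):
    """Return a Finding for a successful login that is unexpected, else None."""
    if rec["result"] != "successful":
        return None
    reasons = []
    if rec["user"] not in KNOWN_ADMIN_ACCOUNTS:
        reasons.append("unknown admin account")
    try:
        src = ipaddress.ip_address(rec["src"])
        if not any(src in net for net in MANAGEMENT_NETS):
            reasons.append("login from outside management network")
    except ValueError:
        # A source that is not a valid IP address is itself worth flagging.
        reasons.append("unparseable source address")
    if not reasons:
        return None
    return Finding(rec["ts"], rec["host"], rec["service"],
                   rec["user"], rec["src"], "; ".join(reasons))


def scan(lines):
    """Run check_login over every parseable line and collect the findings."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        finding = check_login(rec)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample log lines for a fictional gateway "usg-edge-1".
SAMPLE_LOG = [
    "2021-01-04T09:12:01Z usg-edge-1 ssh: successful login user=admin from=10.0.100.15",
    "2021-01-04T09:20:44Z usg-edge-1 web: failed login user=root from=198.51.100.7",
    "2021-01-04T09:21:03Z usg-edge-1 ssh: successful login user=otheruser from=198.51.100.7",
    "2021-01-04T09:25:10Z usg-edge-1 web: successful login user=admin from=203.0.113.9",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.host} {f.service} user={f.user} src={f.src}: {f.reason}")
```

Two of the four constructed lines are flagged: the successful login by an account not in the allowlist from an external address, and the successful login by a legitimate account from an address outside the management subnet. Failed attempts are deliberately ignored here; they belong in a separate brute-force detection rather than in this "who actually got in" review.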