Over 100,000 Zyxel firewalls, providing VPN services and access point controllers, contain a hardcoded admin-level backdoor account that can provide attackers with root access to devices via the SSH interface or the internet administration panel.
The backdoor account was discovered by a team of Dutch security researchers from Eye Control. Device owners are advised to update their systems. Patches are currently only available for the USG Flex, USG, ATP and VPN series. The patches of the NXC series are expected in April 2021, according to an advisory by Zyxel.