Thousands of security credentials have coded admin account open to any hacker

The security credentials of the Zyxel company include a hardcoded administrator account. If you have one of them, install an update 

Photo: Bigstock

Over 100,000 Zyxel firewalls, providing VPN services and access point controllers, contain a hardcoded admin-level backdoor account that can provide attackers with root access to devices via the SSH interface or the internet administration panel.

The backdoor account was discovered by a team of Dutch security researchers from Eye Control. Device owners are advised to update their systems. Patches are currently only available for the USG Flex, USG, ATP and VPN series. The patches of the NXC series are expected in April 2021, according to an advisory by Zyxel.