|Zyxel Networking Devices [Firewall/AP Controllers]
|V6.00 - V6.10
- Hardcoded credential provides attackers backdoor access to SSH and web admin interfaces of the affected devices.
- Unauthorized access to networking devices can lead to host discovery on target network and unauthorized changes to network settings.
- Attackers can use the above mentioned enumerated information to carry out attacks against other hosts on the network.
MitigationFor affected firewall products a patch was released in the following update:
- ZLD V4.60 Patch1 in Dec. 2020
- V6.10 Patch1 on Jan. 8, 2021