Headquartered in Hsinchu, Taiwan Zyxel is a networking hardware company, focused on providing devices with eHome Shield that is geared up by F-Secure to give lasting protection against cybercriminals worldwide and other potential threats as well. It’s a wide known fact how hackers employ specialized programming to easily break through the firewall of networking devices and access the other smart home gadgets and devices running on the compromised connection – for instance, Smart TVs, Mobile Phones, Laptops, etc.
A while ago, an association of some cybersecurity researchers of a Dutch firm named ‘Eye Control’ discovered a prospective damaging the security of the system and a popular VPN solution and networking agency, Zyxel, making it more vulnerable.
Although Zyxel has produced and transported some hundred thousand highly encrypted devices with zero percent of compromising security still it malfunctioned. This vulnerability was later confirmed by the firm itself.
Now the question that arises is what happened and how did the hackers manage to enter the encrypted system of such a big firm with ease?
According to the cybersecurity researchers, the backdoor account of Zyxel devices and VPN uses a username and password that were completely visible in the plain text within the Zyxel system binaries, that were running firmware version 4.60, patch 0. These credentials allowed hackers to completely access the confidential information of the users of Zyxel devices.
After further investigation, the team of researchers concluded that the hundred thousand devices that were affected by the vulnerability were because of the latest version of the firmware update 4.60, patch 0. The Zyxel devices affected by the vulnerability included the Advanced Threat Protection series of devices, the company’s NCX series of devices, its VPN of Gateways, and a few more.
The company has already issued new patches for the Advanced Threat Protection series (ATP), Unified Security Gateway (USG), USG Flex, and VPN series. Alongside, it has also affirmed that it would release another patch for the remaining compromised devices like the WLAN access point controller, NCX series, etc., and will launch its new update around April for better fixation of devices and safety. Till then it has requested its consumers to download the available new patches with the latest updates for the devices to ensure their safety.