Zyxel firewalls and access point controllers, typically used by companies in their networks, have had a security vulnerability identified.
The vulnerability is a hardcoded password on a service account. The account was designed to deliver automatic firmware updates to connected access points through the FTP protocol.
Zyxel say that they have identified the vulnerable products and are releasing firmware patches to address the issue.
The products affected are:
- ATP series firewalls
- USG series firewalls
- USG Flex series firewalls
- VPN series firewalls
- NXC2500 access point controllers
- NXC5500 access point controllers
Click here for more technical information from Zytel.
Networking equipment such as firewalls and access points are often the first ‘line of defence’ between the internet and a company’s systems and data. They should always be regularly checked to ensure they have the latest version of software running. This applies to all manufacturers, not just Zyxel.