Hardcoded Credentials Expose Zyxel Firewalls and WLAN Controllers to Remote Attacks

January 4, 2021

Several Zyxel firewall and WLAN controller products contain hardcoded credentials for an undocumented user account that has admin privileges.
Identified by EYE security researcher Niels Teusink, the vulnerability exists because the password for the “zyfwp” user account was stored in plaintext and was visible in one of the binaries on the system.
read moreSecurityWeek RSS FeedRead More