#WeekendWisdom 061 Zyxel Backdoor
Welcome to #WeekendWisdom number 61. This week we’re going to talk about a Zyxel Backdoor.
What is this Zyxel Backdoor you are talking about?
Just after Christmas, Zyxel networks revealed that some of their firewalls and Wi-Fi access point controllers had been discovered to have a hard-coded user ID and password which would enable anybody who could connect to that device, to be able to sign into it and take control of it.
Now because it’s a hard coded user ID and password, it’s not possible to change that on the device itself. So since then Zyxel has released some updates for their firmware, for those devices. Here is the link to their website, so you can go and find out if you have a device that is affected.
https://www.zyxel.com/support/CVE-2020-29583.shtml
I’m not sure whether I have one of those?
But this then begs the question. Do you know if you have a Zyxel device on your network?
If you remember waaaaay back in #WeekendWisdom number 1, I talked about needing to have an inventory of all of your hardware so that you could quickly go and find, if you hear a report like this, you say “Do I have Zyxel equipment?” … check the inventory … and then if you do have it, you know you have to take action.
So it’s really important to know what devices you have connected to your network.
So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.
Follow us on Social media:
Liam is available on Twitter, LinkedIn and Instagram.
Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.