>>https://www.zyxel.com/support/CVE-2020-29583.shtml
>>read and weep...
>>No, I don't think NSA would be THAT stupid if they ordered it...
>
>Yes, that's a good one,
I saw it reported just before Christmas. I agree, Hanlon's Razor seems to apply.
Wow, same day the original report was published by Zyxel and Eye. Your vuln search filter works great!
Sounds like a singular PEBCAC working on only a few product lines - similar gaffes with different user/pwd name combos are probably being searched for by now on all other Zyxel offerings?
Other possibility: a stupid policy aggravated by PEBCAC, as the user seems to have been in the firmware before, only the PWD "added" readable in the latest version.
Your guess on an undocumented AND hidden user compiled into other Zyxel product lines (without easy-2-read-pwd)? IIRC Zyxel was bought quite often early this century by government local data hubs and even recommended as a building block for my router cascade...
head shaking...
thomas