Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Zyxel Vulnerability - Facepalm Level!
Message
De
05/01/2021 11:39:08
Thomas Ganss
Main Trend
Frankfurt, Allemagne
 
 
À
04/01/2021 22:20:27
Al Doman
M3 Enterprises Inc.
North Vancouver, Colombie Britannique, Canada
Information générale
Forum:
Hardware
Catégorie:
Réseautage
Titre:
Re: Zyxel Vulnerability - Facepalm Level!
Divers
Thread ID:
01677753
Message ID:
01677755
Vues:
74
>>https://www.zyxel.com/support/CVE-2020-29583.shtml
>>
>>read and weep...
>>No, I don't think NSA would be THAT stupid if they ordered it...
>
>Yes, that's a good one, I saw it reported just before Christmas. I agree, Hanlon's Razor seems to apply.

Wow, same day original report was published by Zyxel and Eye. Your vuln search filter works great!

Sounds like singular PEBCAC working on only few product lines - similar gaffes with different user/pwd name combos probably searched for by now on all other Zyxel offerings ?
Other possibility stupid policy aggravated by PEBCAC, as the user seems to have been in the firmware before, only PWD "added" readable in latest version.

Your guess on undocumented AND hidden user compiled into other Zyxel product lines (without easy-2-read-pwd)? IIRC Zyxel was bought quite often early this century by government local data hubs and even recommended as building block for my router cascade...

head shaking...
thomas
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform