Zyxel Vulnerability - Facepalm Level!
Message
From
05/01/2021 11:39:08
 
 
To
04/01/2021 22:20:27
General information
Forum:
Hardware
Category:
Networking
Miscellaneous
Thread ID:
01677753
Message ID:
01677755
>>https://www.zyxel.com/support/CVE-2020-29583.shtml
>>
>>read and weep...
>>No, I don't think NSA would be THAT stupid if they ordered it...
>
>Yes, that's a good one, I saw it reported just before Christmas. I agree, Hanlon's Razor seems to apply.

Wow, same day original report was published by Zyxel and Eye. Your vuln search filter works great!

Sounds like singular PEBCAC working on only a few product lines - similar gaffes with different user/pwd name combos probably searched for by now on all other Zyxel offerings?
Other possibility: stupid policy aggravated by PEBCAC, as the user seems to have been in the firmware before, only PWD "added" readable in latest version.

Your guess on undocumented AND hidden user compiled into other Zyxel product lines (without easy-2-read-pwd)? IIRC Zyxel was bought quite often early this century by government local data hubs and even recommended as building block for my router cascade...

head shaking...
thomas