1. Home
  2. Forums Index
  3. WebmasterWorld / Website Security for Webmasters 9:00 pm Apr 28, 2026

Forum Moderators: open

Message Too Old, No Replies

Harcoded Backdoor Discovered on Zyxel Firewalls

         

engine

10:00 am on Jan 4, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Researchers have discovered a hardcoded admin-level backddoor on Zyxel firewalls, access point controllers and and VPN gateways.

The recommendation is for an immediate update to the system. Patches are available for the ATP, USG, USG Flex, and VPN series. Patches for the NXC series is expected in April 2021.

Products included are:-
  • the Advanced Threat Protection (ATP) series - used primarily as a firewall
  • the Unified Security Gateway (USG) series - used as a hybrid firewall and VPN gateway
  • the USG FLEX series - used as a hybrid firewall and VPN gateway
  • the VPN series - used as a VPN gateway
  • the NXC series - used as a WLAN access point controller

    [zdnet.com...]

    [zyxel.com...]

    • tangor

    2:45 am on Jan 5, 2021 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



    Par for the course, of course, then again, due diligence is always required.

    Kudos to the eagle eyes that penetrate these oft-times unintended errors (failure to close in a production unit before release) or other reasons...

    One reason why I still don't own a "smart tv".

    YMMV

    WebOpz

    1:51 pm on Aug 26, 2021 (gmt 0)

    5+ Year Member Top Contributors Of The Month



    Zyxel is terrible. Buy from a more trusted vendor or build your own with the 100's of open source projects w/ commercial support.
     

    Join The Conversation

    Moderators and Top Contributors

    Hot Threads This Week

    1. Home
    2. Forums Index
    3. WebmasterWorld / Website Security for Webmasters 9:00 pm Apr 28, 2026