![]() ![]() In our experience, most users of these devices will not update the firmware very often. Globally, more than 100.000 devices have exposed their web interface to the internet. Using publicly available data from Project Sonar, I was able to identify about 3.000 Zyxel USG/ATP/VPN devices in the Netherlands. Even though older versions do not have this vulnerability, they do have others (such as this buffer overflow) so you should still update.Īs SSL VPN on these devices operates on the same port as the web interface, a lot of users have exposed port 443 of these devices to the internet. It seemed the vulnerability had been introduced in the latest firmware version. I checked the previous firmware version (4.39) and although the user was present, it did not have a password. The user is not visible in the interface and its password cannot be changed. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |