Thursday 12 March 2020

Flaws Riddle Zyxel’s Network Management Software

Security researchers are warning that networking hardware vendor Zyxel and its Cloud CNM SecuManager software is chock-full of unpatched vulnerabilities that kick open the doors for hackers to exploit. In all, researchers have identified 16 vulnerabilities, ranging from multiple backdoors and default credentials to insecure memory storage.

The Zyxel CNM SecuManager is a networking management software solution that provides an integrated console to monitor and manage enterprise security gateways, such as the company’s own ZyWALL USG and its VPN series products. When contacted by Threatpost, Zyxel would not say how many users of the product there are, only that the number was “what does a computer engineer do.”

However, security researchers Pierre Kim and Alexandre Torres wrote in a report posted Monday that “the attack surface is very large and many different stacks are being used making it very interesting. Furthermore, some daemons are running as root and are reachable from the WAN. Also, there is no firewall by default.” The report outlined the more than a dozen flaws.

No comments:

Post a Comment