Backdoor account discovered in more than 100k Zyxel firewalls, VPN gateways

&gt; Patches are currently available only for the ATP, USG, USG Flex, and VPN series. Patches for the NXC series are expected in April 2021, according to a Zyxel security advisory.<p>4 months to deliver a security patch of this significance? Would love to know what kind of situation leads to that kind of latency.

<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=25539876" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=25539876</a>

This and a little looking on Shodan makes for a scary tale of negligence at scale.

<a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;sysadmin&#x2F;comments&#x2F;kotu67&#x2F;zyxel_backdoor_found&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;sysadmin&#x2F;comments&#x2F;kotu67&#x2F;zyxel_back...</a><p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Zyxel" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Zyxel</a>

This reminds me of the guy that discovered a backdoor in his router after he forgot the admin password over the Christmas holidays.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;elvanderb&#x2F;TCP-32764" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;elvanderb&#x2F;TCP-32764</a><p>There is helpful hints in that research that enabled me to view the firmware of my own router

Its almost as if Chinese companies are either just arms of the state, or thoroughly infiltrated by state actors! I don&#x27;t think US-based hardware manufacturers are really any better though.<p>To me this just illustrates the need for fully open-sourced hardware and software with domestic production facilities.

Its okay, they all had nothing to hide

This is why I use OpenWrt in my network!