Zyxel is a Taiwan-based company that manufactures networking devices such as routers, NAS devices, range extenders and similar products. These devices sit on the front line facing the internet, which is vast and can pose a threat if someone on the other side intends to harm you. Recently we learned that Zyxel-brand NAS (Network Attached Storage) devices were affected by a nasty 0-day exploit which basically allows the perpetrator to remotely control your device. The exploit was explained in detail by a cybercrime forum member, “500mhz”, who is apparently a well-known seller of such exploits on the forum. The gist of the exploit is that you modify two characters in the username on the log-in screen, but as you might expect, there is a lot more to it.

Alex Holden, a member of the Hold Security company, has managed to acquire part of the code found in the exploit, which gives insight into how it works and what it does.

Fortunately, Zyxel has responded quickly to this threat and has posted an announcement with a patch that fixes this vulnerability, enabling users of affected devices to calmly continue using their drives.

Unfortunately, many of the affected devices are no longer supported by Zyxel, so there will be no on-the-fly patches for these devices: NAS542, NAS540, NAS520, NAS326, NSA325 v2, NSA325, NSA320S, NSA320, NSA310S, NSA310, NSA221, NSA220+, NSA220, and NSA210. Users of these NAS units have been advised to connect their devices to a firewall, giving an extra layer of physical protection.

Source: KrebsOnSecurity

