Vulnerabilities in Zyxel's ZyWall products
The web-based user interface of the ZyWall range of products contains vulnerabilities that allow unauthorised attackers to obtain data and reconfigure devices. The ZyXEL USG 20, 20W, 50, 100, 200, 300, 1000, 1050 and 2000 appliances are affected.
Attackers can then crack the passwords, or upload a modified configuration file. RedTeam says that this is also possible without authentication using a trick: for instance, an attacker could insert a password hash and then use this password to log in later as an admin. All that's required for an attack to be successful is that the web interface is accessible; curl, wget or a browser are the only tools needed.
RedTeam also managed to decrypt the encrypted firmware using a known-plaintext attack. Zyxel released new firmware to fix the problems on 25 April.