Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

by Cyber360 News
March 12, 2020
in Security

Flaws Riddle Zyxel’s Network Management Software

Experts have found tens of security vulnerabilities in Zyxel Network Management Software, including backdoors and hardcoded SSH keys.

Security researchers Pierre Kim and Alexandre Torres have discovered several vulnerabilities in the Zyxel Cloud CNM SecuManager software that could expose users to cyber attacks.

The Zyxel Cloud CNM SecuManager is a comprehensive network management software that provides an integrated console to manage security gateways including the ZyWALL USG and VPN Series.

The experts have discovered 16 vulnerabilities, ranging from default credentials to insecure memory storage and backdoors.

Below is the full list of issues discovered by the experts:

  1. Hardcoded SSH server keys
  2. Backdoor accounts in MySQL
  3. Hardcoded certificate and backdoor access in Ejabberd
  4. Open ZODB storage without authentication
  5. MyZyxel ‘Cloud’ Hardcoded Secret
  6. Hardcoded Secrets, APIs
  7. Predefined passwords for admin accounts
  8. Insecure management over the ‘Cloud’
  9. xmppCnrSender.py log escape sequence injection
  10. xmppCnrSender.py no authentication and clear-text communication
  11. Incorrect HTTP requests cause out of range access in Zope
  12. XSS on the web interface
  13. Private SSH key
  14. Backdoor APIs
  15. Backdoor management access and RCE
  16. Pre-auth RCE with chrooted access

“The attack surface is very large and many different stacks are being used, which makes it very interesting. Furthermore, some daemons are running as root and are reachable from the WAN. Also, there is no firewall by default.” reads the report published by the researchers.

Looking closely at the list above, we notice the presence of “Hardcoded SSH server keys” for the main host, which attackers could use to launch MITM attacks.

“By default, the appliance uses hardcoded SSH server keys for the main host and for the chroot environments as shown below. This allows an attacker to MITM and decrypt the encrypted traffic.” reads the post published by the experts. “It should be noted the private keys are using wrong permissions and are world-readable (644).”
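As an added illustration (not code from the researchers' report or from Zyxel), the following audit flags the two conditions described above across a fleet: an SSH host key that is identical on several appliances (a factory or hardcoded key) and a private key file readable by anyone on the box. The inventory and the key material are constructed placeholders.

```python
import base64
import hashlib
import os
import stat
import tempfile


def _fake_pubkey(label: str) -> str:
    """Build a syntactically valid OpenSSH public key line from placeholder bytes.
    Constructed sample material only, not a real key from any appliance."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(label.encode()).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@appliance"


# Constructed inventory: host name -> its ssh_host_ed25519_key.pub line.
# Two appliances still carry the same factory key; the third has a unique one.
SAMPLE_INVENTORY = {
    "secumanager-01": _fake_pubkey("factory-default"),
    "secumanager-02": _fake_pubkey("factory-default"),
    "secumanager-03": _fake_pubkey("regenerated-on-first-boot"),
}


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the same form `ssh-keygen -lf` prints."""
    blob = base64.b64decode(pubkey_line.split()[1])
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def shared_host_keys(inventory: dict) -> dict:
    """Return {fingerprint: [hosts]} for keys present on more than one host.
    A key shared by several devices is hardcoded: whoever extracts it from one
    unit can impersonate or MITM every unit that still uses it."""
    seen = {}
    for host, line in inventory.items():
        seen.setdefault(fingerprint(line), []).append(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


def insecure_private_keys(paths) -> list:
    """Return private key files with any group/other bits set (looser than 0600)."""
    return [p for p in paths if stat.S_IMODE(os.stat(p).st_mode) & (stat.S_IRWXG | stat.S_IRWXO)]


def demo():
    """Run both checks: the constructed inventory plus two temp key files (0600 and 0644)."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "ssh_host_rsa_key"), os.path.join(d, "ssh_host_ed25519_key")
        for path, mode in ((good, 0o600), (bad, 0o644)):
            with open(path, "w") as f:
                f.write("-----BEGIN PLACEHOLDER KEY-----\n")  # constructed, not key material
            os.chmod(path, mode)
        return shared_host_keys(SAMPLE_INVENTORY), [os.path.basename(p) for p in insecure_private_keys([good, bad])]


if __name__ == "__main__":
    print(demo())
```

The same fingerprint check can be run against keys gathered with `ssh-keyscan` so that a factory key is caught before the appliance is exposed.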

Experts also discovered the presence of backdoor accounts in MySQL.

“MySQL is pre-configured with several static accounts. It only listens to the loopback interface.”

Experts also reported the use of predefined passwords for admin accounts.

Another bug is related to the use of insecure management over the cloud.

“By default, myzxel.pyc used for communication to the ‘Cloud’ uses some hardcoded variables for communication over HTTPS,” said the experts. “The function get_account_info uses the account_id, the jwt_secret and the jwt_secret_id… The jwt_secret and jwt_secret_id are generated as unique key for each appliance.”

Technical details about the vulnerabilities are reported in the analysis published by the experts.

Vulnerable software includes Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 – last updated in November 2018.

One of the researchers, Kim, explained that he did not disclose the vulnerabilities to Zyxel because he suspects that the vendor has intentionally introduced the backdoors into its products.

Zyxel confirmed that it is currently investigating the issues disclosed by the experts and pointed out that the CloudCNM SecuManager is used by a very limited number of customers.

At the time of writing the vendor has yet to publish any advisory on the vulnerabilities reported by the experts.

In February, Zyxel addressed a critical remote code execution vulnerability, tracked as CVE-2020-9054, that impacts several network-attached storage (NAS) devices; the issue is being exploited in the wild.

Pierluigi Paganini

(SecurityAffairs – hacking, Zyxel)