The attacks, currently small in numbers, target CVE-2020-29583, a vulnerability affecting several Zyxel firewalls and WLAN controllers that was publicly disclosed at the end of December.
Firmware updates that remove the bug are already available for some of the affected products, but attackers are seizing the moment, attempting to find vulnerable devices before patches have been applied.
Discovered by EYE security researchers, the issue impacts Zyxel USG, ATP, VPN, ZyWALL, and USG FLEX devices and exists because the password for the undocumented user account zyfwp is stored in the firmware in plaintext.
