Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. The devices' weblogin.cgi program fails to sanitize user input, allowing anyone who can reach one of these vulnerable machines, over the …
Is this still an issue if all the external facing access is disabled?
I assume you have to have a webpage that will respond to the scammer for them to be able to run a script.
The parents have a home Zyxel router supplied by a small ISP. I had already disabled all external access to it, changed the default IP address and subnet, and changed the port no. of the admin console.
Can I assume that means it can only be attacked from inside the house? Or if he is unlucky enough to visit a dodgy website that spits out the commands?
Or do I need to drive the 200 miles up there to hit it with the large Hammer Of Disintegration™ to ensure security?
I'm currently banking on The Parents visiting really boring websites for now. The standard ones like Butcher, Tesco, Amazon and the newspapers. They aren't the types to be nosing around on random websites that may have been hacked for Cross Site script to be in place.
Hammer of Destruction will be polished for the next scheduled visit.
Users of older Zyxel "NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 models": the open source community have your back. Simply install the latest Tweaks package by Mijzelf and activate the patch. More info here: https://zyxel.diskstation.eu/forum/viewtopic.php?f=2&t=156