There will not be a solution, and thousands of routers are in danger. Get rid of them as soon as possible if you have any
A serious security issue is affecting thousands of Zyxel routers, a manufacturer that may sound familiar to you because telecom companies have used its devices for years. Hackers are exploiting critical flaws to gain access to these devices, and the company has decided to wipe the issue clean, leaving users unprotected.
The situation is particularly worrying, TechCrunch reports. Taiwanese manufacturer Zyxel has confirmed that it will not issue any security patches to fix these vulnerabilities, arguing that they are old products, although some of them are still sold on Amazon.
To understand the seriousness of this, let’s think of the router as the security guard of our internet connection: it controls everything that enters and leaves our home network. Experts have discovered that organized groups of cybercriminals are exploiting these flaws to infiltrate users’ networks as if they had a master key.
Cybersecurity firm Censys has identified nearly 1,500 vulnerable routers that are directly connected to the internet, a situation reminiscent of when the U.S. Congress warned about TP-Link routers last August. Among the active threats is Mirai, a malware that turns infected routers into part of a network that criminals use to attack.
The vulnerabilities allow attackers to take full control of these routers, meaning they can see everything that passes through your connection, from the websites you visit to your personal or banking information. And the problem extends beyond the home: More than a million telecom companies use Zyxel routers in their daily communications, doubling the scope of this threat.
Security firm GreyNoise sounded the alarm last month, but there’s more to the story. VulnCheck discovered the vulnerabilities in July of last year and says it notified Zyxel in August. However, the company says it didn’t discover them until January 29, just as GreyNoise reported that attackers were already exploiting the flaws.
Since experts have already warned about old Zyxel routers, the only safe solution is to replace them with newer models that receive regular security updates. Although buying a new router may seem like an unnecessary expense, it is an essential investment in protecting our privacy and security on the Internet.
Zyxel's refusal to address these issues exposes a disturbing practice in the industry: abandoning devices that are still in use and for sale.