<h1>Hardcoded account in Zyxel equipment</h1>
<p>Kaspersky blog, Turkish edition, published 2021-01-21: <a href="https://www.kaspersky.com.tr/blog/zyxel-undocumented-account/9205/">https://www.kaspersky.com.tr/blog/zyxel-undocumented-account/9205/</a> (English version: <a href="https://www.kaspersky.com/blog/zyxel-undocumented-account/38335/">https://www.kaspersky.com/blog/zyxel-undocumented-account/38335/</a>)</p>
<p>Over Christmas, researcher Niels Teusink of the Dutch company EYE reported <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29583" target="_blank" rel="noopener nofollow">a vulnerability in Zyxel equipment</a>: an undocumented administrator-level account named "zyfwp" with a hardcoded password, present in a range of hardware firewalls and wireless controllers. The firmware image contains the password in plain text. We advise owners to update their firmware urgently.</p>
<h2>What are the risks?</h2>
<p>The account lets an outsider connect to the device over the web interface or SSH and obtain administrator-level access. The account cannot be disabled and its password cannot be changed.
So the vulnerability cannot be removed by changing the device's settings.</p>
<p>What Teusink considers especially dangerous is that some of these devices use port 443 for SSL VPN in addition to its normal use for web interface access, so on many networks that port is deliberately exposed to the internet, and the administrator login is reachable on it as well. Remote access to corporate resources is in particularly high demand right now, with employees around the world working from home during the coronavirus pandemic.</p>
<p>The VPN gateway allows new accounts to be created with access to resources inside the corporate perimeter, which an attacker holding admin rights can do at will. The vulnerability could also let attackers reconfigure the device to block or intercept traffic.</p>
<p>Although the researcher refrained from publishing the password for ethical and safety reasons, his write-up explained where it could be found, and many cybersecurity outlets subsequently shared it publicly.
Even unskilled attackers can now exploit the vulnerability, which makes the situation considerably more dangerous.</p>
<h2>Which devices are affected?</h2>
<p>The vulnerability affects the ATP, USG, USG FLEX and VPN series of small-business firewall appliances running firmware version ZLD V4.60. The full list of models that need an immediate firmware update, with links to the corresponding patches, is <a href="https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release" target="_blank" rel="noopener nofollow">available on Zyxel's website</a>.</p>
<p>The list of vulnerable devices also includes the NXC2500 and NXC5500 wireless network controllers running firmware versions v6.00 through v6.10, but patches for these are not ready yet; Zyxel says they will be released on January 8.</p>
<p>The vulnerability does not affect older firmware versions, but that does not mean owners of older firmware have nothing to worry about.
New firmware is released for a reason (usually several), and keeping devices up to date also helps keep them secure.</p>
<h2>What should you do?</h2>
<p>First, update the firmware of vulnerable devices immediately with the patches published <a href="https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release" target="_blank" rel="noopener nofollow">on Zyxel's forums</a>. If no patch is available yet for your devices, watch the forums closely and apply the update as soon as it is published. Until the patch is installed, restricting which addresses may reach the web administration interface and SSH from the WAN reduces the exposure, but it does not remove the account; only the firmware update does.</p>
<p>In addition, we recommend using a strong <a href="https://www.kaspersky.com.tr/small-business-security/small-office-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_banner____ksos___" target="_blank" rel="noopener">workstation security</a> solution; employees' computers need to be protected <em>before</em> attackers potentially gain access to the corporate network.</p>
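<p>The two checks a practitioner wants after the "Which devices are affected?" and "What are the risks?" sections above, an inventory pass over the affected firmware trains and a sweep of login records for the undocumented account, as an added example that is not Zyxel's or Kaspersky's code. The inventory entries, the syslog-style lines and the management network 10.0.0.0/24 are constructed for the demonstration; the fixing patch levels (ZLD V4.60 Patch1 for ATP/USG/USG FLEX/VPN, V6.10 Patch1 for NXC2500/NXC5500) come from Zyxel's advisory for CVE-2020-29583, and the reading of the digit after the dot in a build tag such as V4.60(ABCD.1) as the patch level is an assumption marked in the code.</p>

```python
"""Triage for CVE-2020-29583: unpatched Zyxel devices and 'zyfwp' logins.
Added example, not Zyxel's or Kaspersky's code. Inventory, log lines and
management network are constructed for the demonstration."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

UNDOCUMENTED_ACCOUNT = "zyfwp"

# Affected trains from Zyxel's advisory: (family, lowest affected version,
# highest affected version, version carrying the fix, fixing patch level).
# Longest prefix first so "USG FLEX" is not matched as "USG".
AFFECTED_TRAINS = [
    ("USG FLEX", (4, 60), (4, 60), (4, 60), 1),  # ZLD V4.60 -> V4.60 Patch1
    ("ATP",      (4, 60), (4, 60), (4, 60), 1),
    ("USG",      (4, 60), (4, 60), (4, 60), 1),
    ("VPN",      (4, 60), (4, 60), (4, 60), 1),
    ("NXC",      (6, 0),  (6, 10), (6, 10), 1),  # v6.00..v6.10 -> V6.10 Patch1
]

VERSION_RE = re.compile(
    r"[vV]?(\d+)\.(\d+)"          # major.minor, e.g. 4.60
    r"(?:\([A-Za-z]+\.(\d+)\))?"  # optional build tag, e.g. (ABCD.1)
    r"(?:\s*Patch\s*(\d+))?"      # optional spelled-out patch, e.g. Patch1
)

def parse_version(firmware):
    """Return ((major, minor), patch) from a Zyxel-style firmware string."""
    m = VERSION_RE.search(firmware)
    if not m:
        raise ValueError(f"unrecognised firmware string: {firmware!r}")
    # "PatchN" wins; otherwise the digit after the dot in the build tag is
    # taken as the patch level (assumption: V4.60(ABCD.1) == V4.60 Patch1);
    # no tag at all means the unpatched base release.
    patch = int(m.group(4) or m.group(3) or 0)
    return (int(m.group(1)), int(m.group(2))), patch

def is_vulnerable(model, firmware):
    """True if this model/firmware pair still carries the zyfwp account."""
    for family, low, high, fix_ver, fix_patch in AFFECTED_TRAINS:
        if model.upper().startswith(family):
            version, patch = parse_version(firmware)
            if not (low <= version <= high):
                return False  # older trains never had it, newer ones ship the fix
            return not (version == fix_ver and patch >= fix_patch)
    return False  # model family not named in the advisory

def vulnerable_devices(inventory):
    return [(m, fw) for m, fw in inventory if is_vulnerable(m, fw)]

# Generic "User X has logged in from IP via SERVICE" shape; constructed, not a
# claim about Zyxel's real syslog format.
LOGIN_RE = re.compile(r"User\s+(?P<user>\S+)\s+has logged in from\s+"
                      r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\s+via\s+(?P<svc>\S+))?")

@dataclass
class Finding:
    line: str
    src: str
    service: str
    external: bool  # source address outside the management network

def scan_logins(lines, mgmt_net):
    """Any login by the undocumented account is a finding; flag external sources."""
    net = ip_network(mgmt_net)
    findings = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m and m.group("user") == UNDOCUMENTED_ACCOUNT:
            src = m.group("src")
            findings.append(Finding(line, src, m.group("svc") or "unknown",
                                    ip_address(src) not in net))
    return findings

# Constructed sample data.
INVENTORY = [
    ("USG FLEX 100", "V4.60(AAAA.0)"),     # base 4.60: affected
    ("USG FLEX 100", "V4.60(AAAA.1)"),     # 4.60 Patch1: fixed
    ("ATP200",       "ZLD V4.60 Patch1"),  # fixed, patch spelled out
    ("USG40",        "V4.55(AAAA.2)"),     # older train: not affected
    ("VPN50",        "V4.60(AAAA.0)"),     # affected
    ("NXC2500",      "V6.00(AAAA.0)"),     # affected
    ("NXC5500",      "V6.10(AAAA.1)"),     # 6.10 Patch1: fixed
    ("GS1900-8",     "V2.60(AAAA.0)"),     # family not in the advisory
]
MGMT_NET = "10.0.0.0/24"
SYSLOG_SAMPLE = [
    "Jan  5 03:12:44 fw1 auth: User admin has logged in from 10.0.0.5 via https",
    "Jan  5 03:13:02 fw1 auth: User zyfwp has logged in from 198.51.100.23 via ssh",
    "Jan  5 03:15:10 fw1 auth: User zyfwp has logged in from 10.0.0.9 via https",
    "Jan  5 03:20:00 fw1 auth: User alice has logged in from 198.51.100.23 via sslvpn",
]

if __name__ == "__main__":
    for model, fw in vulnerable_devices(INVENTORY):
        print("PATCH NOW:", model, fw)
    for f in scan_logins(SYSLOG_SAMPLE, MGMT_NET):
        print("zyfwp login via", f.service, "from", f.src,
              "EXTERNAL" if f.external else "internal")
```

<p>Every login by the undocumented account is reported, not only the external ones: the account is not meant to be used at all, so even a session from the management network is worth an investigation, while a source outside it is the sign of the internet-facing exposure the article describes.</p>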