Hello, welcome to the Monday, January 4, 2021 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Well, to start the year, we have a couple of cleanup items here from last year.

First of all, Brad published an end-of-year traffic

analysis quiz. So if you are in the pack analysis, if you like your wire shark, then take

a look at the traffic he has and, of course, he'll at some point and also publish a solution.

And on December 23rd, which is probably why I missed it,

Niels Tusing from Dutch security company I Control,

did publish an advisory about a backdoor in various products made by Sykesel.

Now, Sykesel is pretty famous for sort of DSL modems and such, but they also make VPNs

and their Seiwall.

That's also a quite common.

USG Flex is another product that is affected by this.

And essentially, it's your good old username and

password that's hard-coded in the firmware and cannot be updated by the user.

This can be exploited via SSH and via the web interface also as VPN credentials which tends

to listen on port 443 on these devices.

A firmware update has been released by Sychcel, but doesn't look like it's available yet

for all devices. Now, I'm not terribly familiar with Syccell, but they're saying for their

AP controllers, the patch will be coming in April.

Now, sadly, one publication that reported about this issue did also publish the full password.

...