TGriff  Freshman Member

This appears to be a global thing then. The devices I have that were compromised are located in the Southern USA. With the same User name and Policy name that was shared by WebWorks. I will have to do an inspection of our other Zyxel devices that were on the most recent firmware, V5.39. But so far the 2 compromised devices…

Hey @WebWorks, Do you have any information that you can share with me about this? I am currently investigating something eerily similar. I have recently seen a Zyxel FLEX 500 and a ATP200 get compromised, I believe both on V5.38 at that time. On the Flex 500 I found a User account and a SSL VPN created with that same name…