There we go again.. default passwords as backdoors to security gear.

It is a safe bet that this has been exploited by [US|CN|RU|IR] cyberspies.

https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/