2020 is a busy start for me, as I need to verify if my Zyxel device is affected by this vulnerability or not.
Zyxel appliance (firewall, VPN gateways, access point controllers) is found to contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via SSH or we administration panel.
The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries. And this vulnerability has been assigned CVE-2020-29583 for tracking.
Previously, there was a backdoor account tracked as CVE-2016-10401, where Zyxel devices contained a secret backdoor mechanism that allowed anyone to elevate any account on a Zyxel device to root level using the "zyad5001" SU (super-user) password.
Link: Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways | ZDNet
Update 2021-01-10:
Using the zyHell (perl) script from https://donev.eu/ save a lot of my time in verifying the vulnerability.