I do work for another firm out in California, and one of the biggest clients there suddenly found their guest network offline. When we attempted to log into the firewall, all account credentials had either been changed or deleted, locking us out of the firewall. WatchGuard was called and they sent us to this link:
I finally got a little more detail out of support. There is an active (my emphasis here, not said directly by support: unauthorized, unauthenticated) third party attacking the web admin (or maybe more) of the WatchGuard Admin interface and changing the credentials for all accounts on the device. The link above says they do not expose the web interface to the Internet by default…BUT given the crushing call volume they are under, I think a serious 0-day vulnerability is being exploited en masse, because I was on hold for a total of two hours over the past couple of days. Their only remedy right now: a hard reset of the device. Better have a config backup.
If you are running a WatchGuard firewall, make sure you have purpose-built firewall rules blocking the web admin from ANY non-internal interface. If it isn't the interface for your internal network/VLAN, block it. Right now I am not sure that would even help. WatchGuard has no timetable for a fix…and no suggestions other than the standard "use good passwords and do not expose the web admin to the internet." I am not confident this is adequate. Another post will be added once I have more details.