Lucene search

K

MitreCVELIST:CVE-2020-29583

HistoryDec 22, 2020 - 12:00 a.m.

CVE-2020-29583

2020-12-2200:00:00

mitre

www.cve.org

1

9.8 High

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

References

ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf

businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release

businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15

www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html

www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/

www.zyxel.com/support/CVE-2020-29583.shtml

www.zyxel.com/support/security_advisories.shtml

9.8 High

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

Related for CVELIST:CVE-2020-29583

cisa1 cve1 cisa_kev1 nuclei1 thn2 prion1 threatpost1 nvd1 attackerkb1 nessus1 githubexploit1 rapid7blog1 ics1