Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-29583
HistoryDec 22, 2020 - 10:15 p.m.

CVE-2020-29583

2020-12-2222:15:14
CWE-522
[email protected]
web.nvd.nist.gov
1

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

Affected configurations

NVD
Node
zyxelusg20-vpn_firmwareMatch4.60
AND
zyxelusg20-vpnMatch-
Node
zyxelusg20w-vpn_firmwareMatch4.60
AND
zyxelusg20w-vpnMatch-
Node
zyxelusg40_firmwareMatch4.60
AND
zyxelusg40Match-
Node
zyxelusg40w_firmwareMatch4.60
AND
zyxelusg40wMatch-
Node
zyxelusg60_firmwareMatch4.60
AND
zyxelusg60Match-
Node
zyxelusg60w_firmwareMatch4.60
AND
zyxelusg60wMatch-
Node
zyxelusg110_firmwareMatch4.60
AND
zyxelusg110Match-
Node
zyxelusg210_firmwareMatch4.60
AND
zyxelusg210Match-
Node
zyxelusg310_firmwareMatch4.60
AND
zyxelusg310Match-
Node
zyxelusg1100_firmwareMatch4.60
AND
zyxelusg1100Match-
Node
zyxelusg1900_firmwareMatch4.60
AND
zyxelusg1900Match-
Node
zyxelusg2200_firmwareMatch4.60
AND
zyxelusg2200Match-
Node
zyxelzywall110_firmwareMatch4.60
AND
zyxelzywall110Match-
Node
zyxelzywall310_firmwareMatch4.60
AND
zyxelzywall310Match-
Node
zyxelzywall1100_firmwareMatch4.60
AND
zyxelzywall1100Match-

Related

threatpost 1
prion 1
thn 2
cvelist 1
cisa 1
cve 1
attackerkb 1
nessus 1
cisa_kev 1
nuclei 1
githubexploit 1
rapid7blog 1
ics 1
threatpost
threatpost
Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw
2021-01-06 16:40:26
prion
prion
Default credentials
2020-12-22 22:15:00
thn
thn
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
2021-01-01 13:49:00
Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack
2021-06-25 10:37:00
cvelist
cvelist
CVE-2020-29583
2020-12-22 00:00:00
cisa
cisa
MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewalls and AP Controllers
2021-01-08 00:00:00
cve
cve
CVE-2020-29583
2020-12-22 22:15:14
attackerkb
attackerkb
CVE-2020-29583 Zyxel USG Hard-Coded Admin Creds
2020-12-22 00:00:00
nessus
nessus
Zyxel USG Hardcoded Default Password (CVE-2020-29583)
2023-03-15 00:00:00
cisa_kev
cisa_kev
Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability
2021-11-03 00:00:00
nuclei
nuclei
ZyXel USG - Hardcoded Credentials
2023-05-25 18:18:57
githubexploit
githubexploit
Exploit for Cleartext Storage of Sensitive Information in Zyxel Usg20-Vpn Firmware
2021-01-04 00:56:55
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-01-22 19:21:10
ics
ics
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
2022-06-10 12:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON
Related for NVD:CVE-2020-29583
threatpost1prion1thn2cvelist1cisa1cve1attackerkb1nessus1cisa_kev1nuclei1githubexploit1rapid7blog1ics1