CVE-2020-29583

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.zyxel.com/support/security_advisories.shtml	Vendor Advisory
https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15	Release Notes Vendor Advisory
http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf	Vendor Advisory
https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release	Release Notes Vendor Advisory
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html	Third Party Advisory
https://www.zyxel.com/support/CVE-2020-29583.shtml	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:usg40_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zyxel:usg40w_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zyxel:usg60_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zyxel:usg60w_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zyxel:usg110_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zyxel:usg210_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zyxel:usg310_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zyxel:usg1100_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zyxel:usg1900_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zyxel:usg2200_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:zyxel:zywall110_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:zywall110:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:zyxel:zywall310_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:zywall310:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:zyxel:zywall1100_firmware:4.60:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:zywall1100:-:*:*:*:*:*:*:*

Information

Published : 2020-12-22 14:15

Updated : 2022-07-12 10:42

NVD link : CVE-2020-29583

Mitre link : CVE-2020-29583

JSON object : View

CWE

CWE-522

Insufficiently Protected Credentials

Products Affected

zyxel

zywall110_firmware
usg60w
usg20w-vpn
usg60
usg40w_firmware
usg210
usg110_firmware
usg310_firmware
usg20-vpn_firmware
zywall1100
usg60w_firmware
usg2200_firmware
usg40_firmware
usg1100_firmware
usg20w-vpn_firmware
usg1100
usg2200
usg1900_firmware
zywall310
usg310
usg40
usg210_firmware
usg110
usg1900
usg60_firmware
zywall1100_firmware
usg20-vpn
zywall110
usg40w
zywall310_firmware

9.8 /10