CVE-2020-29583

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

Published: Dec 22, 2020
Updated: Jul 27, 2024
CVE: CVE-2020-29583
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
zyxel / usg20-vpn_firmware	4.60	4.60.x
zyxel / usg20w-vpn_firmware	4.60	4.60.x
zyxel / usg40_firmware	4.60	4.60.x
zyxel / usg40w_firmware	4.60	4.60.x
zyxel / usg60_firmware	4.60	4.60.x
zyxel / usg60w_firmware	4.60	4.60.x
zyxel / usg110_firmware	4.60	4.60.x
zyxel / usg210_firmware	4.60	4.60.x
zyxel / usg310_firmware	4.60	4.60.x
zyxel / usg1100_firmware	4.60	4.60.x
zyxel / usg1900_firmware	4.60	4.60.x
zyxel / usg2200_firmware	4.60	4.60.x
zyxel / zywall110_firmware	4.60	4.60.x
zyxel / zywall310_firmware	4.60	4.60.x
zyxel / zywall1100_firmware	4.60	4.60.x
zyxel / atp100_firmware	4.60	4.60.x
zyxel / atp100w_firmware	4.60	4.60.x
zyxel / atp200_firmware	4.60	4.60.x
zyxel / atp500_firmware	4.60	4.60.x
zyxel / atp700_firmware	4.60	4.60.x
zyxel / atp800_firmware	4.60	4.60.x
zyxel / vpn50_firmware	4.60	4.60.x
zyxel / vpn100_firmware	4.60	4.60.x
zyxel / vpn300_firmware	4.60	4.60.x
zyxel / vpn1000_firmware	4.60	4.60.x
zyxel / usg_flex_100_firmware	4.60	4.60.x
zyxel / usg_flex_100w_firmware	4.60	4.60.x
zyxel / usg_flex_200_firmware	4.60	4.60.x
zyxel / usg_flex_500_firmware	4.60	4.60.x
zyxel / usg_flex_700_firmware	4.60	4.60.x

Vulnerability Database

289,784

CVE-2020-29583