CVE-2020-29583
Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability
Public Exploits: 0
Exploited in Wild: Yes
Descriptions
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the SSH server or web interface with admin privileges.
Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.
SSVC
- Decision:-
Timeline
- 2020-12-06 CVE Reserved
- 2020-12-22 CVE Published
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Zyxel | Usg20-vpn Firmware | 4.60 | - | Affected | in | Zyxel | Usg20-vpn | - | - | Safe |
Zyxel | Usg20w-vpn Firmware | 4.60 | - | Affected | in | Zyxel | Usg20w-vpn | - | - | Safe |
Zyxel | Usg40 Firmware | 4.60 | - | Affected | in | Zyxel | Usg40 | - | - | Safe |
Zyxel | Usg40w Firmware | 4.60 | - | Affected | in | Zyxel | Usg40w | - | - | Safe |
Zyxel | Usg60 Firmware | 4.60 | - | Affected | in | Zyxel | Usg60 | - | - | Safe |
Zyxel | Usg60w Firmware | 4.60 | - | Affected | in | Zyxel | Usg60w | - | - | Safe |
Zyxel | Usg110 Firmware | 4.60 | - | Affected | in | Zyxel | Usg110 | - | - | Safe |
Zyxel | Usg210 Firmware | 4.60 | - | Affected | in | Zyxel | Usg210 | - | - | Safe |
Zyxel | Usg310 Firmware | 4.60 | - | Affected | in | Zyxel | Usg310 | - | - | Safe |
Zyxel | Usg1100 Firmware | 4.60 | - | Affected | in | Zyxel | Usg1100 | - | - | Safe |
Zyxel | Usg1900 Firmware | 4.60 | - | Affected | in | Zyxel | Usg1900 | - | - | Safe |
Zyxel | Usg2200 Firmware | 4.60 | - | Affected | in | Zyxel | Usg2200 | - | - | Safe |
Zyxel | Zywall110 Firmware | 4.60 | - | Affected | in | Zyxel | Zywall110 | - | - | Safe |
Zyxel | Zywall310 Firmware | 4.60 | - | Affected | in | Zyxel | Zywall310 | - | - | Safe |
Zyxel | Zywall1100 Firmware | 4.60 | - | Affected | in | Zyxel | Zywall1100 | - | - | Safe |