Lucene search

K

MitreCVELIST:CVE-2020-29583

HistoryDec 22, 2020 - 12:00 a.m.

CVE-2020-29583

2020-12-2200:00:00

mitre

www.cve.org

8

zyxel

usg

firmware

undocumented account

unchangeable password

admin privileges

AI Score

9.8

Confidence

High

EPSS

0.963

Percentile

99.6%

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

References

ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf

businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release

businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15

www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html

www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/

www.zyxel.com/support/CVE-2020-29583.shtml

www.zyxel.com/support/security_advisories.shtml

AI Score

9.8

Confidence

High

EPSS

0.963

Percentile

99.6%

Related for CVELIST:CVE-2020-29583

thn2 threatpost1 prion1 nvd1 nessus1 attackerkb1 cisa1 cve1 nuclei1 cisa_kev1 githubexploit1 rapid7blog1 ics1