ZyXel USG - Hardcoded Credentials

A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. id: CVE-2020-29583 info: name: ZyXel USG - Hardcoded Credentials autho...

Zyxel Buffer Overflow / Format String / Command Injection

-- HNS-2022-02 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Zyxel zysh Products: Zyxel firewalls, AP controllers, and APs Author: Marco Ivaldi Date: 2022-06-07 CVE Names and Vendor CVSS Scores: CVE-2022-26531:...

Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability

Zyxel firewalls ATP, USG, VM and AP Controllers NXC2500 and NXC5500 contain a use of hard-coded credentials vulnerability in an undocumented account "zyfwp" with an unchangeable password...

MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewalls and AP Controllers

The Multi-State Information Sharing and Analysis Center MS-ISAC has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the MS-IS...

Serious vulnerability fixed in Zyxel products

A vulnerability has been fixed in Zyxel products. A researcher found an undocumented user whose both the username and password could be found in plaintext were in firmware. This undocumented account has admin rights. Zyxel has released updates to fix the vulnerability. Zyxel indicated that for AP...