CVE-2020-29583

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:usg40_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:usg40w_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:usg60_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:usg60w_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:usg110_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:usg210_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:usg310_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:usg1100_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:zyxel:usg1900_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:zyxel:usg2200_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:zyxel:zywall110_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall110:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zyxel:zywall310_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall310:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:zyxel:zywall1100_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall1100:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:zyxel:atp100_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:zyxel:atp100w_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:zyxel:atp200_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:zyxel:atp500_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:zyxel:atp700_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:zyxel:atp800_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:zyxel:vpn50_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:zyxel:vpn100_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:zyxel:vpn300_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:zyxel:vpn1000_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_100_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_100w_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_200_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_500_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:zyxel:usg_flex_700_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*

History

26 Jul 2024, 19:46

Type Values Removed Values Added
CPE cpe:2.3:o:zyxel:atp100_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp100w_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_100w_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn50_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_500_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn1000_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn300_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:vpn100_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_700_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp200_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp500_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_100_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_flex_200_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp800_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:atp700_firmware:4.60:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*
References () http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf - () http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf - Broken Link
References () https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release - Release Notes, Vendor Advisory () https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release - Release Notes
References () https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15 - Release Notes, Vendor Advisory () https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15 - Release Notes
References () https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html - Third Party Advisory () https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html - Broken Link, Third Party Advisory
References () https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/ - () https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/ - Exploit, Third Party Advisory
First Time Zyxel atp100
Zyxel vpn100 Firmware
Zyxel atp100 Firmware
Zyxel vpn50
Zyxel atp100w Firmware
Zyxel vpn100
Zyxel atp200
Zyxel usg Flex 500
Zyxel vpn1000 Firmware
Zyxel atp800 Firmware
Zyxel vpn50 Firmware
Zyxel usg Flex 100w Firmware
Zyxel vpn1000
Zyxel atp700 Firmware
Zyxel atp800
Zyxel vpn300 Firmware
Zyxel usg Flex 100
Zyxel usg Flex 500 Firmware
Zyxel usg Flex 100 Firmware
Zyxel vpn300
Zyxel usg Flex 700 Firmware
Zyxel atp100w
Zyxel atp500 Firmware
Zyxel usg Flex 200 Firmware
Zyxel usg Flex 200
Zyxel atp700
Zyxel atp200 Firmware
Zyxel atp500
Zyxel usg Flex 100w
Zyxel usg Flex 700

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-312 CWE-522

Information

Published : 2020-12-22 22:15

Updated : 2024-07-26 19:46


NVD link : CVE-2020-29583

Mitre link : CVE-2020-29583

CVE.ORG link : CVE-2020-29583


JSON object : View

Products Affected

zyxel

  • zywall1100
  • usg1900_firmware
  • usg_flex_200_firmware
  • usg1900
  • usg40
  • usg60
  • usg20-vpn
  • atp100w_firmware
  • atp800_firmware
  • vpn50
  • atp700
  • zywall110_firmware
  • atp800
  • usg310
  • usg_flex_200
  • usg60w_firmware
  • atp200_firmware
  • vpn300
  • atp500
  • vpn100
  • vpn1000_firmware
  • usg310_firmware
  • usg40_firmware
  • usg20w-vpn
  • atp100w
  • usg40w
  • atp100
  • atp500_firmware
  • usg110_firmware
  • usg20w-vpn_firmware
  • usg_flex_500_firmware
  • zywall1100_firmware
  • vpn100_firmware
  • usg_flex_100_firmware
  • vpn50_firmware
  • zywall310_firmware
  • usg40w_firmware
  • usg1100
  • atp200
  • usg_flex_500
  • usg2200
  • usg_flex_100
  • usg_flex_700_firmware
  • usg1100_firmware
  • vpn1000
  • usg_flex_100w_firmware
  • usg210_firmware
  • usg210
  • usg_flex_100w
  • atp100_firmware
  • usg_flex_700
  • atp700_firmware
  • usg110
  • zywall310
  • usg2200_firmware
  • zywall110
  • vpn300_firmware
  • usg60_firmware
  • usg60w
  • usg20-vpn_firmware
CWE
CWE-522

Insufficiently Protected Credentials