CVE-2020-29583 : Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The p

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

Published 2020-12-22 22:15:14

Updated 2023-10-28 01:15:51

Source MITRE

View at NVD, CVE.org

CVE-2020-29583 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.

Added on 2021-11-03 Action due date 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2020-29583

Probability of exploitation activity in the next 30 days: 96.25%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-29583

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-29583

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-29583

https://www.zyxel.com/support/security_advisories.shtml

Security Advisories | Zyxel
Vendor Advisory

CVEs referencing this url
https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15

What's New for ZLD4.60 patch 1 (available on Dec. 15) — Zyxel
Release Notes;Vendor Advisory
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html

Undocumented user account in Zyxel products (CVE-2020-29583) - EYE
Third Party Advisory
http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf

Vendor Advisory
https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release

ZLD v4.60 Revoke and WK48 Firmware release — Zyxel
Release Notes;Vendor Advisory
https://www.zyxel.com/support/CVE-2020-29583.shtml

Zyxel security advisory for hardcoded credential vulnerability | Zyxel
Vendor Advisory
https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/

Secret Backdoor Vulnerabilities in Zyxel Firewall & AP Controllers

Products affected by CVE-2020-29583

Zyxel » Usg20-vpn Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg20-vpn » Version: N/A
Zyxel » Usg20w-vpn Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg20w-vpn » Version: N/A
Zyxel » Usg40 Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg40_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg40 » Version: N/A
Zyxel » Usg40w Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg40w_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg40w » Version: N/A
Zyxel » Usg60 Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg60_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg60 » Version: N/A
Zyxel » Usg60w Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg60w_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg60w » Version: N/A
Zyxel » Usg110 Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg110_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg110 » Version: N/A
Zyxel » Usg210 Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg210_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg210 » Version: N/A
Zyxel » Usg310 Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg310_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg310 » Version: N/A
Zyxel » Usg1100 Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg1100_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg1100 » Version: N/A
Zyxel » Usg1900 Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg1900_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg1900 » Version: N/A
Zyxel » Usg2200 Firmware » Version: 4.60
cpe:2.3:o:zyxel:usg2200_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg2200 » Version: N/A
Zyxel » Zywall110 Firmware » Version: 4.60
cpe:2.3:o:zyxel:zywall110_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall110 » Version: N/A
Zyxel » Zywall310 Firmware » Version: 4.60
cpe:2.3:o:zyxel:zywall310_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall310 » Version: N/A
Zyxel » Zywall1100 Firmware » Version: 4.60
cpe:2.3:o:zyxel:zywall1100_firmware:4.60:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall1100 » Version: N/A