CVE-2020-29583

Published: Dec 22, 2020Modified: Nov 7, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

Affected (30)

Products: Zyxel: Usg20 Vpn Firmware, Usg20w Vpn Firmware, Usg40 Firmware, Usg40w Firmware, Usg60 Firmware, Usg60w Firmware, Usg110 Firmware, Usg210 Firmware, Usg310 Firmware, Usg1100 Firmware, Usg1900 Firmware, Usg2200 Firmware, Zywall110 Firmware, Zywall310 Firmware, Zywall1100 Firmware, Atp100 Firmware, Atp100w Firmware, Atp200 Firmware, Atp500 Firmware, Atp700 Firmware, Atp800 Firmware, Vpn50 Firmware, Vpn100 Firmware, Vpn300 Firmware, Vpn1000 Firmware, Usg Flex 100 Firmware, Usg Flex 100w Firmware, Usg Flex 200 Firmware, Usg Flex 500 Firmware, Usg Flex 700 Firmware

30 products

Usg Flex 100 Firmware

Usg Flex 100w Firmware

Usg Flex 200 Firmware

Usg Flex 500 Firmware

Usg Flex 700 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg20 Vpn Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg20 Vpn	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg20w Vpn Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg20w Vpn	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg40 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg40	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg40w Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg40w	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg60 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg60	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg60w Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg60w	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg110 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg110	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg210 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg210	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg310 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg310	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg1100 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg1100	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg1900 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg1900	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg2200 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg2200	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Zywall110 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Zywall110	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Zywall310 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Zywall310	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Zywall1100 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Zywall1100	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp100 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Atp100	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp100w Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Atp100w	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp200 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Atp200	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp500 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Atp500	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp700 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Atp700	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Atp800 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Atp800	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vpn50 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Vpn50	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vpn100 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Vpn100	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vpn300 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Vpn300	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Vpn1000 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Vpn1000	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg Flex 100	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 100w Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg Flex 100w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 200 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg Flex 200	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 500 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg Flex 500	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Flex 700 Firmware	Version 4.60

Running on/with	Platform Versions
Zyxel Usg Flex 700	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (15)

http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf

Source: cve@mitre.org

Broken Link

https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release

Source: cve@mitre.org

Release Notes

https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15

Source: cve@mitre.org

Release Notes

https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html

Source: cve@mitre.org

Broken LinkThird Party Advisory

https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.zyxel.com/support/CVE-2020-29583.shtml

Source: cve@mitre.org

Vendor Advisory

https://www.zyxel.com/support/security_advisories.shtml

Source: cve@mitre.org

Vendor Advisory

http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf