Zyxel Hardcoded Vulnerability Threat Intel Advisory

| Advisory | Vulnerability Intelligence |
|---|---|
| CVE | CVE-2020-29583 |
| Platform | Zyxel Networking Devices [Firewall/AP Controllers] |

A hardcoded credential vulnerability was discovered in Zyxel firewalls and access point (AP) controllers. The vulnerability lies in the user account “zyfwp,” which was designed to deliver firmware updates to connected access points via FTP.

Affected Products

| Firewall Series | Vulnerable Firmware |
|---|---|
| ATP series | ZLD V4.60 |
| USG series | ZLD V4.60 |
| USG FLEX | ZLD V4.60 |
| VPN series | ZLD V4.60 |

| AP Controllers | Vulnerable Firmware |
|---|---|
| NXC2500 | V6.00 – V6.10 |
| NXC5500 | V6.00 – V6.10 |

Impact

  • The hardcoded credential gives attackers backdoor access to the SSH and web admin interfaces of the affected devices.
  • Unauthorized access to networking devices can lead to host discovery on the target network and unauthorized changes to network settings.
  • Attackers can use the information enumerated this way to carry out attacks against other hosts on the network.

Mitigation

For affected firewall products, a patch was released in the following update:

  • ZLD V4.60 Patch1 in Dec. 2020

For affected AP controller products, a patch will be available in an upcoming update:

  • V6.10 Patch1 on Jan. 8, 2021
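
To apply the affected and fixed versions above to a device inventory, the following added example (not part of the original advisory or any Zyxel tooling) parses firmware strings in the advisory's notation and classifies each device. The inventory rows are constructed, and treating any release at or after the fixed one as fixed is an assumption.

```python
import re

# Affected series and version windows as listed in this advisory.
# Each window is (first vulnerable, first fixed) as (major, minor, patch).
WINDOWS = {
    "firewall": ((4, 60, 0), (4, 60, 1)),       # ZLD V4.60 -> V4.60 Patch1
    "ap_controller": ((6, 0, 0), (6, 10, 1)),   # V6.00-V6.10 -> V6.10 Patch1
}
FIREWALL_SERIES = ("ATP", "USG", "VPN")          # "USG FLEX" matches "USG"
AP_CONTROLLERS = ("NXC2500", "NXC5500")
VERSION_RE = re.compile(r"V(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Turn 'ZLD V4.60 Patch1' into (4, 60, 1); a missing patch level is 0."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(model, firmware):
    """Return AFFECTED, FIXED, NOT_LISTED or UNKNOWN for one device."""
    name = model.strip().upper()
    if name.startswith(AP_CONTROLLERS):
        kind = "ap_controller"
    elif name.startswith(FIREWALL_SERIES):
        kind = "firewall"
    else:
        return "NOT_LISTED"          # model is not named in the advisory
    version = parse_version(firmware)
    if version is None:
        return "UNKNOWN"             # unreadable version: check by hand
    first_vulnerable, first_fixed = WINDOWS[kind]
    if version < first_vulnerable:
        return "NOT_LISTED"          # older than any release the advisory lists
    # Assumption: releases at or after the fixed one carry the fix.
    return "AFFECTED" if version < first_fixed else "FIXED"


# Constructed sample inventory (hypothetical devices, not real data).
INVENTORY = [
    ("USG FLEX 200", "ZLD V4.60"), ("ATP500", "ZLD V4.60 Patch1"),
    ("NXC2500", "V6.05"), ("NXC5500", "V6.10 Patch1"),
    ("VPN100", "ZLD V4.35"), ("GS1900-24", "V2.60"), ("USG60", "unknown"),
]

if __name__ == "__main__":
    for model, firmware in INVENTORY:
        print(f"{model:14} {firmware:18} {triage(model, firmware)}")
```

NOT_LISTED means only that the advisory does not name that model or release, so such devices still need checking against the vendor's own notice.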