Advisory | Vulnerability Intelligence |
---|---|
CVE | CVE-2020-29583 |
Platform | Zyxel Networking Devices [Firewall/AP Controllers] |
A hardcoded credential vulnerability was discovered in Zyxel firewalls and access point controllers. The vulnerability involves the user account “zyfwp,” which was designed to deliver firmware updates to connected access points via FTP.
Affected Products
Firewall Series | Vulnerable Firmware |
---|---|
ATP series | ZLD V4.60 |
USG series | ZLD V4.60 |
USG FLEX | ZLD V4.60 |
VPN series | ZLD V4.60 |

AP Controllers | Vulnerable Firmware |
---|---|
NXC2500 | V6.00 – V6.10 |
NXC5500 | V6.00 – V6.10 |
Impact
- The hardcoded credential gives attackers backdoor access to the SSH and web admin interfaces of the affected devices.
- Unauthorized access to networking devices can lead to host discovery on the target network and unauthorized changes to network settings.
- Attackers can use the enumerated information to carry out attacks against other hosts on the network.
Mitigation
For affected firewall products, a patch was released in the following update:
- ZLD V4.60 Patch1 in Dec. 2020
For affected AP Controller products, a patch is available in an upcoming update:
- V6.10 Patch1 on Jan. 8, 2021
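
To check whether the “zyfwp” account has been used against a device, the following added example (not part of the original advisory and not Zyxel tooling) scans authentication log lines for that account name and groups the hits by source address. The log format, service names and sample lines are constructed, generic syslog-style assumptions; adapt the patterns to the device's actual log export.

```python
import re
from collections import defaultdict

ACCOUNT = "zyfwp"  # account name taken from the advisory

# Constructed sample lines in a generic syslog style (an assumption, not a
# Zyxel log format). Addresses are from documentation ranges.
SAMPLE_LOG = """\
Jan  4 09:12:01 fw01 sshd[812]: Failed password for admin from 198.51.100.7 port 40112 ssh2
Jan  4 09:12:44 fw01 sshd[815]: Accepted password for zyfwp from 198.51.100.7 port 40120 ssh2
Jan  4 09:13:02 fw01 httpd: login success user=zyfwp src=203.0.113.24
Jan  4 09:15:10 fw01 ftpd: login failed user="zyfwp" src=192.0.2.55
Jan  4 09:16:30 fw01 sshd[901]: Accepted password for zyfwp2 from 192.0.2.9 port 50001 ssh2
"""

# Match the account as a whole token so "zyfwp2" or "xzyfwp" do not hit.
USER_RE = re.compile(r"(?<![\w.-])" + re.escape(ACCOUNT) + r"(?![\w.-])", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SERVICE_RE = re.compile(r"\b(sshd|httpd|ftpd)\b")  # assumed daemon names
OK_RE = re.compile(r"\b(accepted|success)\b", re.I)

def find_backdoor_logins(log_text):
    """Return one dict per log line that references the hardcoded account."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not USER_RE.search(line):
            continue
        ip = IP_RE.search(line)
        svc = SERVICE_RE.search(line)
        hits.append({
            "line": lineno,
            "service": svc.group(1) if svc else "unknown",
            "source": ip.group(0) if ip else "unknown",
            "success": bool(OK_RE.search(line)),
        })
    return hits

def summarize(hits):
    """Group hits by source address, counting successful and failed attempts."""
    by_src = defaultdict(lambda: {"success": 0, "failed": 0, "services": set()})
    for h in hits:
        entry = by_src[h["source"]]
        entry["success" if h["success"] else "failed"] += 1
        entry["services"].add(h["service"])
    return dict(by_src)

if __name__ == "__main__":
    for src, info in summarize(find_backdoor_logins(SAMPLE_LOG)).items():
        print(src, info)
```

Any successful login under this account on a device running the affected firmware should be treated as unauthorized access, and failed attempts indicate the device is being probed for the credential.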