Advisory | Vulnerability Intelligence |
CVE | CVE-2020-29583 |
Platform | Zyxel Networking Devices |
A hardcoded credential vulnerability was discovered in Zyxel firewalls and access point (AP) controllers. The vulnerability involves the user account “zyfwp,” which was designed to deliver firmware updates to connected access points via FTP.
Firewall Series | Vulnerable Firmware |
ATP series | ZLD V4.60 |
USG series | ZLD V4.60 |
USG FLEX | ZLD V4.60 |
VPN series | ZLD V4.60 |
AP Controllers | Vulnerable Firmware |
NXC2500 | V6.00 – V6.10 |
NXC5500 | V6.00 – V6.10 |
For affected firewall products a patch was released in the following update:
For affected AP Controller products a patch is available in an upcoming update: