Zyxel Hardcoded Vulnerability Threat Intel Advisory

CloudSEK threat intelligence advisory on the Zyxel vulnerability tracked as CVE-2020-29583, found in Zyxel firewalls and access point controllers.
Updated on: February 27, 2023
Published on: January 8, 2021
Vulnerability Intelligence
Zyxel Networking Devices [Firewall/AP Controllers]
A hardcoded credential vulnerability was discovered in Zyxel firewalls and access point controllers. The vulnerability involves the user account “zyfwp,” which was designed to deliver firmware updates to connected access points via FTP.

Affected Products

Firewall Series (Vulnerable Firmware)
  • ATP series: ZLD V4.60
  • USG series: ZLD V4.60
  • VPN series: ZLD V4.60

AP Controllers (Vulnerable Firmware)
  • NXC2500: V6.00 - V6.10
  • NXC5500: V6.00 - V6.10


  • The hardcoded credential gives attackers backdoor access to the SSH and web admin interfaces of the affected devices.
  • Unauthorized access to networking devices can lead to host discovery on the target network and unauthorized changes to network settings.
  • Attackers can use the information enumerated this way to carry out attacks against other hosts on the network.


For affected firewall products, a patch was released in the following update:
  • ZLD V4.60 Patch1 in Dec. 2020
For affected AP Controller products, a patch is available in an upcoming update:
  • V6.10 Patch1 on Jan. 8, 2021
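
The affected-firmware list and the account name above can be turned into a quick triage check. The following is an added example, not CloudSEK or Zyxel code. It assumes an inventory that records firmware in the advisory's own notation (for example "ZLD V4.60 Patch1"), model names matched by series prefix, and a constructed syslog-style log format; the hosts, models, and log lines are sample data.

```python
import re

ACCOUNT = "zyfwp"  # hardcoded account named in the advisory

# Affected ranges from the advisory as (major, minor, patch) tuples.
# Assumption: patch 0 is the base release and "Patch1" is patch 1.
AFFECTED = {
    "ATP": ((4, 60, 0), (4, 60, 0)),
    "USG": ((4, 60, 0), (4, 60, 0)),
    "VPN": ((4, 60, 0), (4, 60, 0)),
    "NXC2500": ((6, 0, 0), (6, 10, 0)),
    "NXC5500": ((6, 0, 0), (6, 10, 0)),
}
VERSION_RE = re.compile(r"V(\d+)\.(\d+)(?:\s+Patch\s*(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Turn 'ZLD V4.60 Patch1' into (4, 60, 1); None if unparseable."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def is_affected(model, firmware):
    """True/False for a known verdict, None when the version needs manual review."""
    version = parse_version(firmware)
    if version is None:
        return None
    for prefix, (low, high) in AFFECTED.items():
        if model.upper().startswith(prefix):
            return low <= version <= high
    return False

def account_events(log_lines):
    """Return every log line that mentions the hardcoded account."""
    pattern = re.compile(r"\b" + re.escape(ACCOUNT) + r"\b")
    return [line for line in log_lines if pattern.search(line)]

# Constructed sample data (hypothetical hosts, documentation IP ranges).
INVENTORY = [("USG60", "ZLD V4.60"), ("ATP200", "ZLD V4.60 Patch1"),
             ("NXC2500", "V6.05"), ("NXC5500", "V6.10 Patch1")]
LOGS = [
    "Jan  3 02:14:07 fw01 sshd[811]: Accepted password for zyfwp from 203.0.113.45",
    "Jan  3 02:15:40 fw01 sshd[815]: Accepted password for admin from 192.0.2.10",
    "Jan  3 02:16:02 fw01 httpd: login failed user=zyfwp src=203.0.113.45",
]

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "ok", None: "manual review"}
    for model, firmware in INVENTORY:
        print(model, firmware, labels[is_affected(model, firmware)])
    for line in account_events(LOGS):
        print("REVIEW:", line)
```

Any event for this account, whether the login succeeded or failed, is worth reviewing on a device that ran an affected firmware version.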
