Zyxel Hardcoded Vulnerability Threat Intel Advisory
Published 08 January 2021
- Hardcoded credential vulnerability discovered in Zyxel firewalls and AccessPoint controllers
- Provides attackers backdoor access to SSH and web admin interfaces of the affected devices
Advisory | Vulnerability Intelligence |
CVE | CVE-2020-29583 |
Platform | Zyxel Networking Devices [Firewall/AP Controllers] |
A hardcoded credential vulnerability was discovered in Zyxel firewalls and AccessPoint controllers. The vulnerability lies in the user account “zyfwp,” which was designed to deliver firmware updates to connected access points via FTP.
Affected Products
Firewall Series | Vulnerable Firmware |
ATP series | ZLD V4.60 |
USG series | ZLD V4.60 |
USG FLEX | ZLD V4.60 |
VPN series | ZLD V4.60 |
AP Controllers | Vulnerable Firmware |
NXC2500 | V6.00 – V6.10 |
NXC5500 | V6.00 – V6.10 |
Impact
- Hardcoded credential provides attackers backdoor access to SSH and web admin interfaces of the affected devices.
- Unauthorized access to networking devices can lead to host discovery on target network and unauthorized changes to network settings.
- Attackers can use the information enumerated this way to carry out attacks against other hosts on the network.
Mitigation
For affected firewall products a patch was released in the following update:
- ZLD V4.60 Patch1 in Dec. 2020
For affected AP Controller products a patch is available in an upcoming update:
- V6.10 Patch1 on Jan. 8, 2021
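The affected-firmware tables and the patch releases above can be turned into an inventory check. The following Python sketch is an added example, not part of the original advisory or any Zyxel tooling; it assumes firmware strings are recorded in the advisory's own notation (for example "ZLD V4.60 Patch1"), and the hostnames and models in the sample inventory are constructed.

```python
import re

# (first affected, first fixed) per product family, from the advisory's tables.
# Versions are (major, minor, patch); patch 0 means no patch level installed.
ZLD = ((4, 60, 0), (4, 60, 1))   # ZLD V4.60, fixed in ZLD V4.60 Patch1
NXC = ((6, 0, 0), (6, 10, 1))    # V6.00 - V6.10, fixed in V6.10 Patch1
FAMILIES = {"USG FLEX": ZLD, "ATP": ZLD, "USG": ZLD, "VPN": ZLD,
            "NXC2500": NXC, "NXC5500": NXC}

VERSION_RE = re.compile(r"V(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Turn 'ZLD V4.60 Patch1' into (4, 60, 1); return None if unparseable."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(model, firmware):
    """Return 'affected', 'patched', 'not listed' or 'unknown' for one device."""
    name = model.upper()
    # Longest prefix first so 'USG FLEX 100' is not matched as plain 'USG'.
    family = next((f for f in sorted(FAMILIES, key=len, reverse=True)
                   if name.startswith(f)), None)
    version = parse_version(firmware)
    if family is None:
        return "not listed"
    if version is None:
        return "unknown"         # listed family, but firmware string unreadable
    first_affected, first_fixed = FAMILIES[family]
    if version < first_affected:
        return "not listed"      # older than anything the advisory names
    return "affected" if version < first_fixed else "patched"

def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}

# Constructed sample inventory (hostnames, models and versions are illustrative).
SAMPLE = [
    ("fw-hq", "USG FLEX 100", "ZLD V4.60"),
    ("fw-branch", "ATP200", "ZLD V4.60 Patch1"),
    ("wlc-1", "NXC2500", "V6.10"),
    ("sw-core", "GS1920", "V4.50"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" belong to a listed family but have a firmware string the parser could not read, so they need a manual check rather than being treated as safe.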