Zyxel Hardcoded Vulnerability Threat Intel Advisory

CloudSEK threat intelligence advisory on Zyxel vulnerability tracked as CVE-2020-29583 found in Zyxel firewalls and AccessPoint controllers.

Updated on

April 19, 2023

Published on

January 8, 2021

Read MINUTES

Subscribe to the latest industry news, threats and resources.

Table of Contents

This is also a heading
This is a heading

Advisory	Vulnerability Intelligence
CVE	CVE-2020-29583
Platform	Zyxel Networking Devices [Firewall/AP Controllers]

A hardcoded credential vulnerability was discovered in Zyxel firewalls and AccessPoint controllers. The vulnerability targets the user account “zyfwp,” designed to deliver firmware updates to connected access points via FTP.

Affected Products

Firewall Series	Vulnerable Firmware
ATP series	ZLD V4.60
USG series	ZLD V4.60
USG FLEX	ZLD V4.60
VPN series	ZLD V4.60

AP Controllers	Vulnerable Firmware
NXC2500	V6.00 - V6.10
NXC5500	V6.00 -V6.10

Impact

Hardcoded credential provides attackers backdoor access to SSH and web admin interfaces of the affected devices.
Unauthorized access to networking devices can lead to host discovery on target network and unauthorized changes to network settings.
Attackers can use the above mentioned enumerated information to carry out attacks against other hosts on the network.

Mitigation

For affected firewall products a patch was released in the following update:

ZLD V4.60 Patch1 in Dec. 2020

For affected AP Controller products a patch is available in an upcoming update:

V6.10 Patch1 on Jan. 8, 2021

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

Table of Contents

This is also a heading
This is a heading

Recent Articles

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

November 15, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

November 6, 2023

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.

Schedule a Demo

Real time Threat Intelligence Data

More information and context about Underground Chatter

On-Demand Research Services

Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.

Trusted by 400+ Top organisations

Get started

Learn more

Advisory

CVE

Platform

Firewall Series

Vulnerable Firmware

AP Controllers

Vulnerable Firmware

Protect and proceed with Actionable Intelligence