CVE-2020-29583-Zyxel security advisory for hardcoded credential vulnerability
Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers recently reported by researchers from Eye Control Netherlands. Users are advised to install the applicable firmware updates for optimal protection.
A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
As the zyfwp user has admin privileges, an attacker could completely compromise the confidentiality, integrity and availability of the device.
Full list available on below URL:
Should update to the latest firmware as per vendor advisory.
Press release April 2023: Situational Security Alerts from CIRT
21 Apr 2023 - Articles, English articles, News, Notice, Security Advisories & Alerts
Security Best Practices
29 Mar 2023 - Security Advisories & Alerts