CVE-2020-29583-Zyxel security advisory for hardcoded credential vulnerability

DESCRIPTION

Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers recently reported by researchers from Eye Control Netherlands. Users are advised to install the applicable firmware updates for optimal protection.

A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.

IMPACT
As the zyfwp user has admin privileges, an attacker could completely compromise the confidentiality, integrity and availability of the device.

SYSTEM AFFECTED
Full list available on below URL:
https://www.zyxel.com/support/CVE-2020-29583.shtml

RECOMMENDATIONS
Should update to the latest firmware as per vendor advisory.

REFERENCES

info@cirt.gov.bd

+880255007183

CVE-2020-29583-Zyxel security advisory for hardcoded credential vulnerability

Recommended Posts

PetitPotam: Microsoft Windows Server NTLM Relay Attacks on Active Directory Certificate Services (AD CS)

Sequoia: CVE-2021-33909- Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer

Windows SeriousSAM vulnerability: CVE-2021-36934 Local Privilege Escalation Vulnerability in Microsoft Windows

Subscribe here

Important links

MEMBER OF: