CVE-2020-29583

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score96.7360%

EPSS Percentile95.75th

PublishedDec 22, 2020

Last ModifiedNov 7, 2025

Vulnerability Description

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

Affected Platforms (CPE)

💻

Zyxel

Usg20 Vpn Firmware

= 4.60

💻

Zyxel

Usg20w Vpn Firmware

= 4.60

💻

Zyxel

Usg40 Firmware

= 4.60

💻

Zyxel

Usg40w Firmware

= 4.60

💻

Zyxel

Usg60 Firmware

= 4.60

💻

Zyxel

Usg60w Firmware

= 4.60

💻

Zyxel

Usg110 Firmware

= 4.60

💻

Zyxel

Usg210 Firmware

= 4.60

💻

Zyxel

Usg310 Firmware

= 4.60

💻

Zyxel

Usg1100 Firmware

= 4.60

💻

Zyxel

Usg1900 Firmware

= 4.60

💻

Zyxel

Usg2200 Firmware

= 4.60

💻

Zyxel

Zywall110 Firmware

= 4.60

💻

Zyxel

Zywall310 Firmware

= 4.60

💻

Zyxel

Zywall1100 Firmware

= 4.60

💻

Zyxel

Atp100 Firmware

= 4.60

💻

Zyxel

Atp100w Firmware

= 4.60

💻

Zyxel

Atp200 Firmware

= 4.60

💻

Zyxel

Atp500 Firmware

= 4.60

💻

Zyxel

Atp700 Firmware

= 4.60

💻

Zyxel

Atp800 Firmware

= 4.60

💻

Zyxel

Vpn50 Firmware

= 4.60

💻

Zyxel

Vpn100 Firmware

= 4.60

💻

Zyxel

Vpn300 Firmware

= 4.60

💻

Zyxel

Vpn1000 Firmware

= 4.60

💻

Zyxel

Usg Flex 100 Firmware

= 4.60

💻

Zyxel

Usg Flex 100w Firmware

= 4.60

💻

Zyxel

Usg Flex 200 Firmware

= 4.60

💻

Zyxel

Usg Flex 500 Firmware

= 4.60

💻

Zyxel

Usg Flex 700 Firmware

= 4.60

References & Advisories

🔗 http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf

🔗 https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release

🔗 https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15

🔗 https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html

🔗 https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/

🔗 https://www.zyxel.com/support/CVE-2020-29583.shtml

🔗 https://www.zyxel.com/support/security_advisories.shtml

🔗 http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf

Vulnerability Description

Affected Platforms (CPE)

Usg20 Vpn Firmware

Usg20w Vpn Firmware

Usg40 Firmware

Usg40w Firmware

Usg60 Firmware

Usg60w Firmware

Usg110 Firmware

Usg210 Firmware

Usg310 Firmware

Usg1100 Firmware

Usg1900 Firmware

Usg2200 Firmware

Zywall110 Firmware

Zywall310 Firmware

Zywall1100 Firmware

Atp100 Firmware

Atp100w Firmware

Atp200 Firmware

Atp500 Firmware

Atp700 Firmware

Atp800 Firmware

Vpn50 Firmware

Vpn100 Firmware

Vpn300 Firmware

Vpn1000 Firmware

Usg Flex 100 Firmware

Usg Flex 100w Firmware

Usg Flex 200 Firmware

Usg Flex 500 Firmware

Usg Flex 700 Firmware

References & Advisories

Related Vulnerabilities