CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-29583

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score96.7360%
EPSS Percentile95.75th
Published2020年12月22日
Last Modified2025年11月7日

Vulnerability Description

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

Affected Platforms (CPE)

💻
Zyxel

Usg20 Vpn Firmware

= 4.60
💻
Zyxel

Usg20w Vpn Firmware

= 4.60
💻
Zyxel

Usg40 Firmware

= 4.60
💻
Zyxel

Usg40w Firmware

= 4.60
💻
Zyxel

Usg60 Firmware

= 4.60
💻
Zyxel

Usg60w Firmware

= 4.60
💻
Zyxel

Usg110 Firmware

= 4.60
💻
Zyxel

Usg210 Firmware

= 4.60
💻
Zyxel

Usg310 Firmware

= 4.60
💻
Zyxel

Usg1100 Firmware

= 4.60
💻
Zyxel

Usg1900 Firmware

= 4.60
💻
Zyxel

Usg2200 Firmware

= 4.60
💻
Zyxel

Zywall110 Firmware

= 4.60
💻
Zyxel

Zywall310 Firmware

= 4.60
💻
Zyxel

Zywall1100 Firmware

= 4.60
💻
Zyxel

Atp100 Firmware

= 4.60
💻
Zyxel

Atp100w Firmware

= 4.60
💻
Zyxel

Atp200 Firmware

= 4.60
💻
Zyxel

Atp500 Firmware

= 4.60
💻
Zyxel

Atp700 Firmware

= 4.60
💻
Zyxel

Atp800 Firmware

= 4.60
💻
Zyxel

Vpn50 Firmware

= 4.60
💻
Zyxel

Vpn100 Firmware

= 4.60
💻
Zyxel

Vpn300 Firmware

= 4.60
💻
Zyxel

Vpn1000 Firmware

= 4.60
💻
Zyxel

Usg Flex 100 Firmware

= 4.60
💻
Zyxel

Usg Flex 100w Firmware

= 4.60
💻
Zyxel

Usg Flex 200 Firmware

= 4.60
💻
Zyxel

Usg Flex 500 Firmware

= 4.60
💻
Zyxel

Usg Flex 700 Firmware

= 4.60

References & Advisories

🔗 http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf
🔗 https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release
🔗 https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15
🔗 https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
🔗 https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/
🔗 https://www.zyxel.com/support/CVE-2020-29583.shtml
🔗 https://www.zyxel.com/support/security_advisories.shtml
🔗 http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf

相关漏洞威胁

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...

CVE-2026-121886.3

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules...