This report is about a high severity vulnerability affecting Zyxel firewalls and AP controllers. A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. There are patches available for these vulnerabilities on the vendor’s website.
The vulnerabilities have been given the identifying information of CVE-2020-29583. CVE-2020-29583 affects Zyxel firewalls running firmware version V4.60, and Zyxel AP controllers running firmware versions V6.00 through V6.10.
CVE-2020-29583 is caused by an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the ssh server or web interface with admin privileges.
Avertium brings a guided, risk-based cybersecurity approach to the mid-to-large enterprise. Leveraging NIST CSF and the MITRE ATT&CK framework, Avertium develops customized, outcome-based roadmaps that enable companies to evolve their cybersecurity posture in the face of the cybersecurity talent shortage, rapidly evolving threat landscape, and budgetary constraints.
For information about how we can help, contact an expert to schedule a no-obligation consultation.
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.