Secret Backdoor Discovered on Zyxel Firewall and AP Controllers (CVE-2020-29583)

Contents of The Article hide

5 References to Advisories, Solutions and Tools

Overview

“Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.”

Description

Researchers from EYE (Netherlands) reported a secret backdoor on Zyxel devices (Firewalls and AP Controlled) running firmware version 4.60. The vulnerability, identified as CVE-2020-29583, stems from hardcoded credentials that allow attackers to gain administrative management access on the vulnerable devices via SSH or web interface.

The secret backdoor account “zyfwp” with the password “Pr*******Xp” is stored in plaintext in the code of the firmware. Since full credentials have been also released publicly by news channels, these credentials could be used by attackers to login to the SSH or the web interface to manage the devices with administrative rights.

$ ssh zyfwp@192.168.1.252
Password: Pr*******Xp
Router>

Affected products that run the vulnerable firmware version 4.60 are as follows:

ATP series running firmware ZLD v4.60 – Firewall
USG series running firmware ZLD v4.60 – Firewall
USG FLEX series running firmware ZLD v4.60 – Firewall
VPN series running firmware ZLD v4.60 – Firewall
NXC2500 running firmware v6.00 through v6.10
NXC5500 running firmware v6.00 through v6.10

Impact

A local attacker can gain administrative access rights on the effected devices via authenticating through SSH or web interface using the hardcoded plaintext credentials.

Impact Summary

Category: Secret Backdoor
CVSS 3.1 Base Score: 7.8 High
CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Solution (Update)

Affected versions should be patched with the firmware patches released by the Zyxel to address the discovered vulnerability.

As we’ve come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided.
Art Wittmann

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

You could also read our popular articles What is a Security Vulnerability? or What is Vulnerability Scanning?

Secret Backdoor Discovered on Zyxel Firewall and AP Controllers (CVE-2020-29583)

Overview

Description

Impact

Solution (Update)

References to Advisories, Solutions and Tools

Zero-Day Vulnerabilities in Google Chrome in 2022

Microsoft Patches 55 CVEs and 6 Zero-Days with November 2021 Updates

Static SSH Keys Vulnerability in Cisco Policy Suite (CVE-2021-40119)

Multiple Vulnerabilities on Cisco Catalyst PON Series Switches (CVE-2021-34795, CVE-2021-40113)

Google Patches 2 Zero-Days in Chrome Browser (CVE-2021-38000, CVE-2021-38003)

Adblock Detected

In order to support our free services, please use a web browser without an ad blocker to be able to view the requested content.