Details of VAR-202012-0977

ID

VAR-202012-0977

CVE

CVE-2020-29583

TITLE

Zyxel USG Vulnerability in plaintext storage of important information on devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014757

DESCRIPTION

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. Zyxel USG A device contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // VULMON: CVE-2020-29583

AFFECTED PRODUCTS

vendor:	zyxel	model:	usg60w	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg60	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg1900	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg2200	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg20-vpn	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	zywall310	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg210	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg40w	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg40	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg110	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg flex 100w	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg310	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	zywall110	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg20w-vpn	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg1100	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg flex 200	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	zywall1100	scope:	eq	version:	4.60	Trust: 1.0
vendor:	zyxel	model:	usg210	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg110	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg60	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg40w	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg310	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg40	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg20w-vpn	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg1100	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg20-vpn	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	usg60w	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014757 // NVD: CVE-2020-29583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29583
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-29583
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202012-1459
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-29583
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-29583
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-29583
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29583
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // CNNVD: CNNVD-202012-1459 // NVD: CVE-2020-29583

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014757 // NVD: CVE-2020-29583

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1459

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202012-1459

PATCH

title:	Security Advisories	url:	http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf	Trust: 0.8
title:	Zyxel USG Series Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137990	Trust: 0.6
title:	BruteX-master BruteX Install script for BruteX VARS BruteX by @xer0dayz http://xerosecurity.com ABOUT: BruteX is a simple bash script used to brute force all services on a target. INSTALL: ./install.sh USAGE: brutex <IP/hostname> HYDRA SERVICES: asterisk cisco cisco-enable cvs ftp ftps http[s]-{head\|get} http[s]-{get\|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram\|digest}md5][s] mssql mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp UN-COMMENT TO ENABLE PROXY	url:	https://github.com/MartinDojcinoski23/BruteX-master	Trust: 0.1
title:	Scanner for Zyxel products which are vulnerable due to an undocumented user account (CVE-2020-29583) Usage	url:	https://github.com/2d4d/scan_CVE-2020-29583	Trust: 0.1
title:	Middleware-Vulnerability-detection 免责声明：	url:	https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection	Trust: 0.1
title:	Middleware-Vulnerability-detection 免责声明：	url:	https://github.com/apachecn-archive/Middleware-Vulnerability-detection	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/ArrestX/--POC	Trust: 0.1
title:	Normal-POC	url:	https://github.com/Miraitowa70/POC-Notes	Trust: 0.1
title:	Vulnerability	url:	https://github.com/tzwlhack/Vulnerability	Trust: 0.1
title:	Normal-POC	url:	https://github.com/Miraitowa70/Pentest-Notes	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/Threekiii/Awesome-POC	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/KayCHENvip/vulnerability-poc	Trust: 0.1
title:	欢迎关注阿尔法实验室微信公众号	url:	https://github.com/alphaSeclab/sec-daily-2020	Trust: 0.1
title:	SecBooks SecBooks目录	url:	https://github.com/SexyBeast233/SecBooks	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/	Trust: 0.1

sources: VULMON: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // CNNVD: CNNVD-202012-1459

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29583	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-014757	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1459	Trust: 0.6
db:	VULMON	id:	CVE-2020-29583	Trust: 0.1

sources: VULMON: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // CNNVD: CNNVD-202012-1459 // NVD: CVE-2020-29583

REFERENCES

url:	https://www.zyxel.com/support/security_advisories.shtml	Trust: 1.7
url:	https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15	Trust: 1.7
url:	https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release	Trust: 1.7
url:	https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html	Trust: 1.7
url:	https://www.zyxel.com/support/cve-2020-29583.shtml	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29583	Trust: 1.4
url:	https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/	Trust: 1.1
url:	http://ftp.zyxel.com/usg40/firmware/usg40_4.60%28aala.1%29c0_2.pdf	Trust: 1.1
url:	http://ftp.zyxel.com/usg40/firmware/usg40_4.60(aala.1)c0_2.pdf	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://github.com/martindojcinoski23/brutex-master	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // CNNVD: CNNVD-202012-1459 // NVD: CVE-2020-29583

SOURCES

db:	VULMON	id:	CVE-2020-29583
db:	JVNDB	id:	JVNDB-2020-014757
db:	CNNVD	id:	CNNVD-202012-1459
db:	NVD	id:	CVE-2020-29583

LAST UPDATE DATE

2024-08-14T15:43:04.073000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-29583	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-014757	date:	2021-08-30T08:31:00
db:	CNNVD	id:	CNNVD-202012-1459	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2020-29583	date:	2024-07-26T19:46:46.690

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-29583	date:	2020-12-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-014757	date:	2021-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202012-1459	date:	2020-12-22T00:00:00
db:	NVD	id:	CVE-2020-29583	date:	2020-12-22T22:15:14.443