ID

VAR-202012-0977


CVE

CVE-2020-29583


TITLE

Zyxel USG: vulnerability in plaintext storage of important information on devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014757

DESCRIPTION

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the SSH server or web interface with admin privileges. Zyxel USG devices contain a vulnerability in the plaintext storage of important information. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // VULMON: CVE-2020-29583

AFFECTED PRODUCTS

vendor: zyxel, model: usg60w, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg60, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg1900, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg2200, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: atp500, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: atp100w, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg20-vpn, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: zywall310, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: atp800, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: vpn50, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg flex 500, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: vpn300, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg210, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg40w, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg40, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg110, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: vpn100, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg flex 100w, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg310, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: zywall110, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg20w-vpn, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg1100, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: atp700, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg flex 100, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: atp200, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: atp100, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg flex 700, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg flex 200, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: vpn1000, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: zywall1100, scope: eq, version: 4.60

Trust: 1.0

vendor: zyxel, model: usg210, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg110, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg60, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg40w, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg310, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg40, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg20w-vpn, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg1100, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg20-vpn, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg60w, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014757 // NVD: CVE-2020-29583

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-29583
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-29583
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-1459
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-29583
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-29583
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2020-29583
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-29583
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // CNNVD: CNNVD-202012-1459 // NVD: CVE-2020-29583

PROBLEMTYPE DATA

problemtype: CWE-522

Trust: 1.0

problemtype: Plaintext storage of important information (CWE-312) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014757 // NVD: CVE-2020-29583

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1459

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202012-1459

PATCH

title: Security Advisories
url: http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf

Trust: 0.8

title: Zyxel USG Series Fixes for encryption problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137990

Trust: 0.6

title: BruteX-master (BruteX by @xer0dayz, a simple bash script used to brute force all services on a target)
url: https://github.com/MartinDojcinoski23/BruteX-master

Trust: 0.1

title: Scanner for Zyxel products which are vulnerable due to an undocumented user account (CVE-2020-29583)
url: https://github.com/2d4d/scan_CVE-2020-29583

Trust: 0.1

title: Middleware-Vulnerability-detection Disclaimer:
url: https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection

Trust: 0.1

title: Middleware-Vulnerability-detection Disclaimer:
url: https://github.com/apachecn-archive/Middleware-Vulnerability-detection

Trust: 0.1

title: Awesome-POC
url: https://github.com/ArrestX/--POC

Trust: 0.1

title: Normal-POC
url: https://github.com/Miraitowa70/POC-Notes

Trust: 0.1

title: Vulnerability
url: https://github.com/tzwlhack/Vulnerability

Trust: 0.1

title: Normal-POC
url: https://github.com/Miraitowa70/Pentest-Notes

Trust: 0.1

title: Awesome-POC
url: https://github.com/Threekiii/Awesome-POC

Trust: 0.1

title: Awesome-POC
url: https://github.com/KayCHENvip/vulnerability-poc

Trust: 0.1

title: Welcome to follow the Alpha Lab WeChat official account
url: https://github.com/alphaSeclab/sec-daily-2020

Trust: 0.1

title: SecBooks SecBooks Directory
url: https://github.com/SexyBeast233/SecBooks

Trust: 0.1

title: Known Exploited Vulnerabilities Detector
url: https://github.com/Ostorlab/KEV

Trust: 0.1

title: PoC in GitHub
url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: Threatpost
url: https://threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/

Trust: 0.1

sources: VULMON: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // CNNVD: CNNVD-202012-1459

EXTERNAL IDS

db: NVD, id: CVE-2020-29583

Trust: 2.5

db: JVNDB, id: JVNDB-2020-014757

Trust: 0.8

db: CNNVD, id: CNNVD-202012-1459

Trust: 0.6

db: VULMON, id: CVE-2020-29583

Trust: 0.1

sources: VULMON: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // CNNVD: CNNVD-202012-1459 // NVD: CVE-2020-29583

REFERENCES

url:https://www.zyxel.com/support/security_advisories.shtml

Trust: 1.7

url:https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15

Trust: 1.7

url:https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release

Trust: 1.7

url:https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html

Trust: 1.7

url:https://www.zyxel.com/support/cve-2020-29583.shtml

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-29583

Trust: 1.4

url:https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/

Trust: 1.1

url:http://ftp.zyxel.com/usg40/firmware/usg40_4.60%28aala.1%29c0_2.pdf

Trust: 1.1

url:http://ftp.zyxel.com/usg40/firmware/usg40_4.60(aala.1)c0_2.pdf

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://github.com/martindojcinoski23/brutex-master

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-29583 // JVNDB: JVNDB-2020-014757 // CNNVD: CNNVD-202012-1459 // NVD: CVE-2020-29583

SOURCES

db: VULMON, id: CVE-2020-29583
db: JVNDB, id: JVNDB-2020-014757
db: CNNVD, id: CNNVD-202012-1459
db: NVD, id: CVE-2020-29583

LAST UPDATE DATE

2024-08-14T15:43:04.073000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-29583, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2020-014757, date: 2021-08-30T08:31:00
db: CNNVD, id: CNNVD-202012-1459, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2020-29583, date: 2024-07-26T19:46:46.690

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-29583, date: 2020-12-22T00:00:00
db: JVNDB, id: JVNDB-2020-014757, date: 2021-08-30T00:00:00
db: CNNVD, id: CNNVD-202012-1459, date: 2020-12-22T00:00:00
db: NVD, id: CVE-2020-29583, date: 2020-12-22T22:15:14.443