Zyxel Firewall Vulnerability CVE-2020-29583

This report is about a high severity vulnerability affecting Zyxel firewalls and AP controllers.  A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers.  The account was designed to deliver automatic firmware updates to connected access points through FTP.  There are patches available for these vulnerabilities on the vendor’s website.

Tactics, Techniques, and Procedures

The vulnerabilities have been given the identifying information of CVE-2020-29583. CVE-2020-29583 affects Zyxel firewalls running firmware version V4.60, and Zyxel AP controllers running firmware versions V6.00 through V6.10.
CVE-2020-29583 is caused by an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the ssh server or web interface with admin privileges.

Business Unit Impact

  •  This account can be used by someone to login to the SSH server or web interface with admin privileges
  • Could result in the compromise of firewalls and AP  controllers in the network
  • May allow for persistence as a result of new user creation


  • Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers
  • Security operations personnel are advised to install the applicable firmware updates for optimal protection
  • Audit logs should be reviewed to determine if vulnerable devices were accessed using the hardcoded account

Avertium brings a guided, risk-based cybersecurity approach to the mid-to-large enterprise. Leveraging NIST CSF and the MITRE ATT&CK framework, Avertium develops customized, outcome-based roadmaps that enable companies to evolve their cybersecurity posture in the face of the cybersecurity talent shortage, rapidly evolving threat landscape, and budgetary constraints. 

For information about how we can help, contact an expert to schedule a no-obligation consultation.

Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.

This informed analysis is based on the latest data available.

Chat With One of Our Experts

Threat Report zyxel firewall backdoor backdoor malware cVE-2020-29583 vulnerability management Blog