Zyxel Firewall Backdoor Vulnerability CVE-2020-29583

Darkside Ransomware
Share on linkedin
Share on facebook
Share on twitter
Share on reddit
Share on email
Share on print

Zyxel Firewall Vulnerability CVE-2020-29583

This report is about a high severity vulnerability affecting Zyxel firewalls and AP controllers.  A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers.  The account was designed to deliver automatic firmware updates to connected access points through FTP.  There are patches available for these vulnerabilities on the vendor’s website.

Tactics, Techniques and Procedures

The vulnerabilities have been given the identifying information of CVE-2020-29583. CVE-2020-29583 affect Zyxel firewalls running firmware version V4.60, and Zyxel AP controllers running firmware versions V6.00 through V6.10.
CVE-2020-29583 is caused by an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

 

Business Unit Impact

  •  This account can be used by someone to login to the SSH server or web interface with admin privileges
  • Could result in the compromise of firewalls and AP  controllers in the network
  • May allow for persistence as a result of new user creation

Recommendations

  • Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers
  • Security operations personnel are advised to install the applicable firmware updates for optimal protection
  • Audit logs should be reviewed to determine if vulnerable devices were accessed using the hardcoded account

Avertium brings a guided, risk-based cybersecurity approach to the mid-to-large enterprise. Leveraging NIST CSF and the MITRE ATT&CK framework, Avertium develops customized, outcome-based roadmaps that enable companies to evolve their cybersecurity posture in the face of the cybersecurity talent shortage, rapidly evolving threat landscape and budgetary constraints. 

For information about how we can help, contact an expert to schedule a no-obligation consultation.

Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.

This informed analysis is based on the latest data available.

Share this:
Share on linkedin
Share on twitter
Share on facebook
Share on reddit
Share on email
Share on print

Sign-up for Weekly Updates