
Zyxel Firewall and AP Controllers contain Credential vulnerability

Advisory #2021-0001
Affected software: 
Zyxel ATP series running firmware ZLD V4.60
Zyxel USG series running firmware ZLD V4.60
Zyxel USG FLEX series running firmware ZLD V4.60
Zyxel VPN series running firmware ZLD V4.60
Zyxel NXC2500 running firmware V6.00 through V6.10
Zyxel NXC5500 running firmware V6.00 through V6.10
Hardcoded Credential Vulnerability

CVE-2020-29583 (CVSS 7.8)


Official Manufacturer: https://www.zyxel.com/support/CVE-2020-29583.shtml
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-29583


Firewall products are used to protect internal network infrastructure. An adversary could use this credential vulnerability, found in the firmware, to gain remote administrative access to the device via its SSH server or the web interface. Administrative access could then be used to create additional users and VPN connections, giving access to the network(s) protected by the firewall.


A specific version of Zyxel firewall and AP controller firmware contains a credential vulnerability. The user account (zyfwp) is undocumented and its password is stored in clear text within the firmware. The account was designed to deliver automatic firmware updates to connected access points through FTP.

Recommended Actions

* CERT.be recommends upgrading Zyxel firewall firmware to version “ZLD V4.60 Patch1”.
* CERT.be recommends using Two-Factor Authentication (2FA) protection for admin and VPN connections configured on these devices.
* CERT.be recommends upgrading Zyxel AP controller firmware to version “V6.10 Patch1” as soon as the patch from the manufacturer becomes available (08 Jan 2021).
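
The following triage helper is an added example, not part of the CERT.be advisory or any Zyxel tooling. It checks an inventory against the affected firmware listed above and searches log lines for the zyfwp account name. Assumptions: the inventory layout, host names and log lines are constructed (generic syslog-style, not Zyxel's log format), and firmware strings are written in the advisory's notation.

```python
import re

ACCOUNT = "zyfwp"  # undocumented account named in the advisory
# Affected firmware per the advisory: series -> (lowest, highest, fixed release)
AFFECTED = {
    "ATP": ((4, 60), (4, 60), "ZLD V4.60 Patch1"),
    "USG": ((4, 60), (4, 60), "ZLD V4.60 Patch1"),
    "USG FLEX": ((4, 60), (4, 60), "ZLD V4.60 Patch1"),
    "VPN": ((4, 60), (4, 60), "ZLD V4.60 Patch1"),
    "NXC2500": ((6, 0), (6, 10), "V6.10 Patch1"),
    "NXC5500": ((6, 0), (6, 10), "V6.10 Patch1"),
}
_VERSION = re.compile(r"V(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)

def parse_firmware(text):
    """Split 'ZLD V4.60 Patch1' into ((4, 60), 1); no patch suffix means 0."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)

def needs_upgrade(series, firmware):
    """Return the fixed release if the device is in the affected range, else None."""
    entry = AFFECTED.get(series.strip().upper())
    if entry is None:
        return None
    low, high, fixed = entry
    version, patch = parse_firmware(firmware)
    # The fix keeps the base number (V4.60 -> V4.60 Patch1), so the patch level must
    # be checked too. Assumption: only a patch on the highest affected version is fixed.
    if low <= version <= high and not (version == high and patch >= 1):
        return fixed
    return None

def account_mentions(log_lines):
    """Return log lines that contain the account name as a whole token."""
    token = re.compile(rf"(?<![\w-]){re.escape(ACCOUNT)}(?![\w-])")
    return [line for line in log_lines if token.search(line)]

# Constructed sample data (not real device output).
INVENTORY = [("fw-brussels", "USG FLEX", "ZLD V4.60"),
             ("fw-ghent", "ATP", "ZLD V4.60 Patch1"),
             ("wlc-01", "NXC2500", "V6.05"),
             ("fw-old", "VPN", "ZLD V4.35")]
LOGS = ["2021-01-04T10:02:11 sshd: accepted login user=zyfwp src=192.0.2.10",
        "2021-01-04T10:05:40 httpd: login user=admin src=192.0.2.22"]

if __name__ == "__main__":
    print({h: needs_upgrade(s, f) for h, s, f in INVENTORY}, account_mentions(LOGS))
```
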


Manufacturer:
- https://www.zyxel.com/support/CVE-2020-29583.shtml
- https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-pa...

Mitre:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29583

NVD:
- https://nvd.nist.gov/vuln/detail/CVE-2020-29583

Other:
- https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-%20and-...
- https://www.cisecurity.org/advisory/a-vulnerability-in-zyxel-firewall-an...
- https://cisomag.eccouncil.org/over-100000-zyxel-devices-vulnerable-to-se...