Main Vulnerability Database Exploits ID:7099 - Exploit for Use of hard-coded credentials in ZyXEL Communications Corp. products - CVE-2020-29583

ID:7099 - Exploit for Use of hard-coded credentials in ZyXEL Communications Corp. products - CVE-2020-29583

Published: November 29, 2021

Vulnerability identifier: #VU49149

Vulnerability risk: Critical

CVE-ID: CVE-2020-29583

CWE-ID: CWE-798

Exploitation vector: Remote access

Vulnerable software:
NXC2500
NXC5500
ZyXEL ZLD

Link to public exploit:

https://github.com/ruppde/scan_CVE-2020-29583

Vulnerability description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded account zyfwp with an unchangeable password. A remote unauthenticated attacker can access the affected system via ssh or web interface using the hard-coded credentials and gain administrative privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

ID:7099 - Exploit for Use of hard-coded credentials in ZyXEL Communications Corp. products - CVE-2020-29583

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human