Unrated severityCISA KEVNVD Advisory· Published Dec 22, 2020· Updated Oct 21, 2025
CVE-2020-29583
CVE-2020-29583
Description
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zyxel/USGdescription
Patches
Vulnerability mechanics
References
7- ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdfmitre
- businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-releasemitre
- businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15mitre
- www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.htmlmitre
- www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/mitre
- www.zyxel.com/support/CVE-2020-29583.shtmlmitre
- www.zyxel.com/support/security_advisories.shtmlmitre
News mentions
0No linked articles in our index yet.