V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsDocs
Back to catalog
BDU:2021-01667
BDU
Critical

Уязвимость микропрограммного обеспечения сетевых устройств ZyXEL USG, USG VPN, ATP, ZyWALL и FLEX связана с незашифрованным хранением данны…

CVSS
9.8
Critical
EPSS
0.00
p0
Published
2021-01-01
Updated
2021-01-01
Description

Уязвимость микропрограммного обеспечения сетевых устройств ZyXEL USG, USG VPN, ATP, ZyWALL и FLEX связана с незашифрованным хранением данных при использовании учетной записи «zyfwp». Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к защищаемой информации

Tags · CWE
Pre-auth
Affected products
Zyxel communications corp. Atp100Zyxel communications corp. Atp100wZyxel communications corp. Atp200Zyxel communications corp. Atp500Zyxel communications corp. Atp700Zyxel communications corp. Atp800Zyxel communications corp. Usg flex 100Zyxel communications corp. Usg flex 100wZyxel communications corp. Usg flex 200Zyxel communications corp. Usg flex 500Zyxel communications corp. Usg flex 700Zyxel communications corp. Usg110Zyxel communications corp. Usg1100Zyxel communications corp. Usg1900Zyxel communications corp. Usg20-vpnZyxel communications corp. Usg20w-vpnZyxel communications corp. Usg210Zyxel communications corp. Usg2200Zyxel communications corp. Usg310Zyxel communications corp. Usg40
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2021-01-01
Published
2021-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected software
ProductVendorStatus
atp100zyxel communications corp.Tracked
atp100wzyxel communications corp.Tracked
atp200zyxel communications corp.Tracked
atp500zyxel communications corp.Tracked
atp700zyxel communications corp.Tracked
atp800zyxel communications corp.Tracked
usg flex 100zyxel communications corp.Tracked
usg flex 100wzyxel communications corp.Tracked
usg flex 200zyxel communications corp.Tracked
usg flex 500zyxel communications corp.Tracked
usg flex 700zyxel communications corp.Tracked
usg110zyxel communications corp.Tracked
usg1100zyxel communications corp.Tracked
usg1900zyxel communications corp.Tracked
usg20-vpnzyxel communications corp.Tracked
usg20w-vpnzyxel communications corp.Tracked
usg210zyxel communications corp.Tracked
usg2200zyxel communications corp.Tracked
usg310zyxel communications corp.Tracked
usg40zyxel communications corp.Tracked
Source databases
BDU
Related vulnerabilities
CVE-2020-29583
External references
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29583@http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf@https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release@https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15@https://www.zyxel.com/support/CVE-2020-29583.shtml@https://www.zyxel.com/support/security_advisories.shtml@https://nvd.nist.gov/vuln/detail/CVE-2020-29583@https://cxsecurity.com/cveshow/CVE-2020-29583/@ww.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html@https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/@https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv