Undocumented User in Zyxel Products (CVE-2020-29583)

Posted on 2020-12-30 by guenni

[German]In many Zyxel products (firewalls) there is a vulnerability CVE-2020-29583 in the form of an undocumented user. The manufacturer has since released firmware updates to fix the vulnerability.

Advertising

This was discovered by Niels Teusink, who made it public in this blog post on December 23, 2020. I became aware of the issue a few days ago via the following tweet.

CVE-2020-29583 in Zyxel-Products

Users of Zyxel USG, ATP, VPN, ZyWALL or USG FLEX are affected – the full list of affected devices can be found here and in the Zyxel security advisory. For its firewalls, Zyxel has already provided firmware updates in December 2020. For the AP controllers, there should be firmware updates in April 2021. Details can be read in the linked articles.

Advertising
This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).