Undocumented User in Zyxel Products (CVE-2020-29583)

[German]In many Zyxel products (firewalls) there is a vulnerability CVE-2020-29583 in the form of an undocumented user. The manufacturer has since released firmware updates to fix the vulnerability.


This was discovered by Niels Teusink, who made it public in this blog post on December 23, 2020. I became aware of the issue a few days ago via the following tweet.

CVE-2020-29583 in Zyxel-Products

Users of Zyxel USG, ATP, VPN, ZyWALL or USG FLEX are affected – the full list of affected devices can be found here and in the Zyxel security advisory. For its firewalls, Zyxel has already provided firmware updates in December 2020. For the AP controllers, there should be firmware updates in April 2021. Details can be read in the linked articles.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *