[German]In many Zyxel products (firewalls) there is a vulnerability CVE-2020-29583 in the form of an undocumented user. The manufacturer has since released firmware updates to fix the vulnerability.
Advertising
This was discovered by Niels Teusink, who made it public in this blog post on December 23, 2020. I became aware of the issue a few days ago via the following tweet.
Users of Zyxel USG, ATP, VPN, ZyWALL or USG FLEX are affected – the full list of affected devices can be found here and in the Zyxel security advisory. For its firewalls, Zyxel has already provided firmware updates in December 2020. For the AP controllers, there should be firmware updates in April 2021. Details can be read in the linked articles.
