{"id":18005,"date":"2020-12-30T00:03:00","date_gmt":"2020-12-29T23:03:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=18005"},"modified":"2021-11-23T01:39:43","modified_gmt":"2021-11-23T00:39:43","slug":"undokumentierter-nutzer-in-zyxel-produkten-cve-2020-29583","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/12\/30\/undokumentierter-nutzer-in-zyxel-produkten-cve-2020-29583\/","title":{"rendered":"Undocumented User in Zyxel Products (CVE-2020-29583)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=241099\" target=\"_blank\" rel=\"noopener\">German<\/a>]In many Zyxel products (firewalls) there is a vulnerability CVE-2020-29583 in the form of an undocumented user. The manufacturer has since released firmware updates to fix the vulnerability.<\/p>\n<p><!--more--><\/p>\n<p>This was discovered by Niels Teusink, who made it public in <a href=\"https:\/\/web.archive.org\/web\/20210126175303\/https:\/\/www.eyecontrol.nl\/blog\/undocumented-user-account-in-zyxel-products.html\" target=\"_blank\" rel=\"noopener\">this blog post<\/a> on December 23, 2020. I became aware of the issue a few days ago via the following <a href=\"https:\/\/twitter.com\/Dinosn\/status\/1343493330420822016\" target=\"_blank\" rel=\"noopener\">tweet<\/a>. <\/p>\n<p><a href=\"https:\/\/twitter.com\/Dinosn\/status\/1343493330420822016\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"CVE-2020-29583 in Zyxel-Products\" alt=\"CVE-2020-29583 in Zyxel-Products\" src=\"https:\/\/i.imgur.com\/6Rh4MxB.png\"><\/a><\/p>\n<p>Users of Zyxel USG, ATP, VPN, ZyWALL or USG FLEX are affected &#8211; the full list of affected devices can be found <a href=\"https:\/\/businessforum.zyxel.com\/discussion\/5252\/zld-v4-60-revoke-and-wk48-firmware-release\" target=\"_blank\" rel=\"noopener\">here<\/a> and in the <a href=\"https:\/\/www.zyxel.com\/support\/CVE-2020-29583.shtml\" target=\"_blank\" rel=\"noopener\">Zyxel security advisory<\/a>. For its firewalls, Zyxel has already provided firmware updates in December 2020. For the AP controllers, there should be firmware updates in April 2021. Details can be read in the linked articles.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]In many Zyxel products (firewalls) there is a vulnerability CVE-2020-29583 in the form of an undocumented user. The manufacturer has since released firmware updates to fix the vulnerability.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-18005","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/18005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=18005"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/18005\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=18005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=18005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=18005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}