• Netenrich
  • /
  • Blog
  • /
  • CVE-2020-29583 – Do You KNOW This Vulnerability?

CVE-2020-29583 – Do You KNOW This Vulnerability?

Post by rajarshi Jan 08, 2021

KNOW is Netenrich’s cybersecurity news aggregator and threat intel platform. You can see the most trending malware, threat actors, and vulnerabilities in our threat intel dashboard over the last 7 and 60 days. As per the dashboard, CVE-2020-29583 happens to be the most trending vulnerability in both these time frames.

cve-2020-29583 threat intelligence information

So, why is CVE-2020-29583 trending? Let’s take a look.

What is CVE-2020-29583?

cve-2020-29583 threat intelligence overview

Vendor: Zyxel

CVE-2020-29583 is a vulnerability in the firmware version 4.60 of Zyxel USG devices and contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. An attacker can use this account to login to the ssh server or web interface with admin privileges.

Here is a tabulation of all the software that are currently vulnerable.

cve-2020-29583 affected software versions

Patch

  • http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf
  • https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release
  • https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15
  • https://www.zyxel.com/support/CVE-2020-29583.shtml
  • https://www.zyxel.com/support/security_advisories.shtml
  • A fix for the NXC access point controller series products would not be released until April.

Why is CVE-2020-29583 trending?

Earlier this week, the Multi-State Information Sharing and Analysis Center, or MS-ISAC, issued an alert that the CVE-2020-29583 vulnerability poses a major cybersecurity risk for large enterprises and government agencies. According to the researchers, around 100,000 Zyxel devices are vulnerable to the backdoor.

As per MS-ISAC:

This could allow the attacker to change firewall settings, intercept traffic and create VPN accounts to gain access to the network behind the device and other administrative functions.

While no exploits have been spotted in the wild, the MS-ISAC notes that a threat actor could leverage this vulnerability to gain admin access to their targeted network’s inner parts and escalate privileges.

Reactions from Twitter

#1 Security Bulletin

#2 The Hacker News

#3 Techmeme

CVE-2020-29583 references from KNOW

cve-2020-29583-threat intelligence references

  • First seen: 23 December 2020
  • Last seen: 7 January 2021
  • Total references: 66
  • Last 60 days: 66
  • Previous 7 days: 57

KNOW our powerful threat intelligence platform

know threat intelligence from netenrich

KNOW is Netenrich’s Threat Intel Platform that extracts data from billions of data points and correlates relevant intel and expert analyst insights to help you follow, search, and act—in a fraction of the time it takes now. However, Netenrich’s offering isn’t just limited to threat intelligence. We offer a powerful combination of threat and attack surface intelligence.

Threat and Attack Surface Intelligence will help your SecOps to:

  • Find hidden risks to your brand on the public Internet
  • Stay informed about threats in minutes versus hours
  • Act on the most critical threats first
  • Reduce effort and alert fatigue
  • Measure and demonstrate value.
Why did we create Knowledge NOW? Read our story

Find out more about Netenrich’s Attack Surface Intelligence (ASI) solution.

Hey, before you leave, we have this interesting article up on “Intelligent SOC.” Intelligent SOC leverages Netenrich Resolution Intelligence to evolve cybersecurity beyond the antiquated ticket-based model with modern AIOps-based architecture.

Want to read some more?

Yes I do!

About the Author

rajarshi

Subscribe To Our Newsletter!

The best source of information for Security, Networks, Cloud, and ITOps best practices. Join us.

Thank you for subscribing!