CVE-2020-29583 PoC — Zyxel USG Series Cryptographic Issue Vulnerability

Source
Associated Vulnerability
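Title: Zyxel USG Series Cryptographic Issue Vulnerability (CVE-2020-29583)
Description: Zyxel USG Series is a line of firewall devices for corporate environments from the Chinese company Zyxel (合勤). Zyxel USG devices Firmware version 4.60 contain a security vulnerability that stems from an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. A user can use this account to log in to the ssh server or web interface with administrator privileges.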
Description
A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
File Snapshot

id: CVE-2020-29583 info: name: ZyXel USG - Hardcoded Credentials author: canberbamber severit ...