Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Very High

CVE-2020-29583 Zyxel USG Hard-Coded Admin Creds

Disclosure Date: December 22, 2020 (last updated October 28, 2023)
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.