Is CVE-2020-29583 actively exploited?

CVE-2020-29583 has no public evidence of in-the-wild exploitation as of 2025-11-07.

What is the CVSS score for CVE-2020-29583?

CVE-2020-29583 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2020-29583?

Patch guidance is available from zyxel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-29583.

Fix CVE-2020-29583 - CRITICAL zyxel usg20-vpn firmware

Q: Which products are affected by CVE-2020-29583?

30 products: zyxel usg20-vpn firmware, zyxel usg20w-vpn firmware, zyxel usg40 firmware, zyxel usg40w firmware, zyxel usg60 firmware, and 25 more.

Description

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-522 · Insufficiently Protected Credentials CWE-522 · Insufficiently Protected Credentials

Metadata

Primary Vendor: ZYXEL
Published: 12/22/2020
Last Modified: 11/7/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zyxel : usg20-vpn_firmwarezyxel : usg20w-vpn_firmwarezyxel : usg40_firmwarezyxel : usg40w_firmwarezyxel : usg60_firmwarezyxel : usg60w_firmwarezyxel : usg110_firmwarezyxel : usg210_firmwarezyxel : usg310_firmwarezyxel : usg1100_firmwarezyxel : usg1900_firmwarezyxel : usg2200_firmwarezyxel : zywall110_firmwarezyxel : zywall310_firmwarezyxel : zywall1100_firmwarezyxel : atp100_firmwarezyxel : atp100w_firmwarezyxel : atp200_firmwarezyxel : atp500_firmwarezyxel : atp700_firmwarezyxel : atp800_firmwarezyxel : vpn50_firmwarezyxel : vpn100_firmwarezyxel : vpn300_firmwarezyxel : vpn1000_firmwarezyxel : usg_flex_100_firmwarezyxel : usg_flex_100w_firmwarezyxel : usg_flex_200_firmwarezyxel : usg_flex_500_firmwarezyxel : usg_flex_700_firmware

Remediation Guidance

Executive Summary

View on NIST NVD