{"vulnerability": "CVE-2020-2958", "sightings": [{"uuid": "f6bcf06b-47c8-473d-8b97-a2483a93b38b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:20.000000Z"}, {"uuid": "26b93c59-8c24-4165-a58c-c68100a777ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "6227484b-b402-4a5d-9dfa-dfa03da50f17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "MISP/24c0c150-19f9-4301-87cf-6ab59dbb3c32", "content": "", "creation_timestamp": "2022-06-13T13:42:00.000000Z"}, {"uuid": "34331b48-1462-44af-b396-69028459b2db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970885", "content": "", "creation_timestamp": "2024-12-24T20:21:15.216941Z"}, {"uuid": "d2da0286-e541-4267-bca2-b829c55c328e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:48.000000Z"}, {"uuid": "9d7f9306-94af-495a-8a50-d68c5dcae15d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-29583", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/819b768f-8bd5-4199-9f62-1920e0a260b2", "content": "", "creation_timestamp": "2026-02-02T12:29:08.326201Z"}, {"uuid": "2affec18-b8c3-4bdb-bd31-0cf47c07d098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "published-proof-of-concept", "source": "https://t.me/cKure/3613", "content": "\u25a0\u25a1\u25a1\u25a1\u25a1 CVE-2020-29583: Zyxel USG Hard-Coded Admin Creds\n\nThe zyfwp user is a Unix user with password PrOw!aN_fXp. The user can log in to an affected Zyxel device\u2019s web interface and SSH service. Admin access to a management interface is granted.\n\nhttps://attackerkb.com/topics/FJI292KsKw/cve-2020-29583-zyxel-usg-hard-coded-admin-creds", "creation_timestamp": "2021-01-07T08:18:20.000000Z"}, {"uuid": "1cbad6c5-defd-4d5e-af07-4d5dafb44e80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "https://t.me/cKure/3550", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1CVE-2020-29583: A hardcoded credential vulnerability was identified in the \u201czyfwp\u201d user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.\n\nhttps://www.zyxel.com/support/CVE-2020-29583.shtml", "creation_timestamp": "2021-01-01T16:38:04.000000Z"}, {"uuid": "bae5454e-0349-4e55-bf2e-6896c83eaa48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "https://t.me/cKure/3549", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2020-29583: Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products.\n\nhttps://thehackernews.com/2021/01/secret-backdoor-account-found-in.html", "creation_timestamp": "2021-01-01T16:35:18.000000Z"}, {"uuid": "8af08f98-b1ec-4674-a2c7-2218f06fffb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "exploited", "source": "https://t.me/ctinow/26543", "content": "Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack\n\nhttps://ift.tt/3bci8Ts", "creation_timestamp": "2021-01-06T13:22:35.000000Z"}, {"uuid": "bfe07b26-b8dd-4e29-9fc8-2faef00db775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "published-proof-of-concept", "source": "Telegram/iOCbdODPq9o4eHU_uNBgnGGHTEOykMXwEVEIybISf7kzMjU", "content": "", "creation_timestamp": "2021-01-05T16:42:20.000000Z"}, {"uuid": "2c1a8fd4-1332-4d5b-8703-500746c5c312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "https://t.me/arpsyndicate/972", "content": "#ExploitObserverAlert\n\nCVE-2020-29583\n\nDESCRIPTION: Exploit Observer has 21 entries related to CVE-2020-29583. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.\n\nFIRST-EPSS: 0.962190000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-03T16:00:37.000000Z"}, {"uuid": "9fb6e964-0013-4497-b4d3-ecdf3c7fb74a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "Telegram/cMAUpzExODRbs-sublXQY3NrXRrUZ6SvV9KcE2hqzjIsEw", "content": "", "creation_timestamp": "2021-01-04T17:21:00.000000Z"}, {"uuid": "6329c64b-5330-4750-9afb-39ebb6fcf5f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/3042", "content": "\u0410\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0435 \u0441\u043f\u0435\u0446\u0441\u043b\u0443\u0436\u0431\u044b \u0442\u0440\u0438\u0430\u0434\u043e\u0439 \u0437\u0430\u044f\u0432\u0438\u043b\u0438 \u043e \u0432\u0430\u0440\u0432\u0430\u0440\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f\u0445 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 \u0410\u0420\u0422 \u0432 \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0442\u0435\u043b\u0435\u043a\u043e\u043c. \u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0434 \u0430\u0432\u0442\u043e\u0440\u0441\u0442\u0432\u043e\u043c \u0410\u041d\u0411, CISA \u0438 \u0424\u0411\u0420 \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043d\u0430\u0434\u0443\u043c\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u0435\u0434\u043b\u043e\u0433 \u0434\u043b\u044f \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u044b\u0445 \u043d\u0435\u043f\u0440\u0430\u0432\u043e\u043c\u0435\u0440\u043d\u044b\u0445 \u0441\u0430\u043d\u043a\u0446\u0438\u0439.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0430\u0432\u0442\u043e\u0440\u043e\u0432, \u043f\u0440\u043e\u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0435 \u0410\u0420\u0422 \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0443\u0441\u043b\u0443\u0433, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043e\u0431\u0449\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 , \u0432\u0437\u043b\u043e\u043c\u0430\u043b\u0438 \u0431\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u0432\u0441\u0435: \u043e\u0442 \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0445 \u043e\u0444\u0438\u0441\u043d\u044b\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u0434\u043e \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439, \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0441\u0431\u043e\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0412\u0441\u0435 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a, \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0438 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u043a\u0440\u0435\u043f\u043b\u0435\u043d\u0438\u044f \u0432\u043d\u0443\u0442\u0440\u0438 \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0410\u0420\u0422 \u0432\u044b\u0434\u0435\u043b\u044f\u0435\u0442 \u043a\u0440\u0443\u0433 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u0443\u0447\u0435\u0442\u0430. \u041f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043a\u0440\u0430\u0434\u0443\u0442 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0430\u043c \u0434\u0430\u043d\u043d\u044b\u0445 SQL \u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c SQL-\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u044f\u0442 \u0441\u0431\u0440\u043e\u0441 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0441 RADIUS.\n\n\u0412\u043e\u043e\u0440\u0443\u0436\u0438\u0432\u0448\u0438\u0441\u044c \u0443\u0436\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0438\u0441\u044f\u043c\u0438 \u0441\u043e \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 RADIUS \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0442 \u0443\u0441\u043f\u0435\u0448\u043d\u0443\u044e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0432 \u0441\u0435\u0442\u0438, \u043f\u0440\u0438\u0441\u0442\u0443\u043f\u0430\u044e\u0442 \u043a \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 \u0434\u043b\u044f \u0441\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u043d\u0430 \u043f\u043e\u0434\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0447\u0435\u0440\u0435\u0437 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u0442\u0443\u043d\u043d\u0435\u043b\u044c, \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0430\u0431\u043b\u0438\u0446\u044b \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u044d\u0435\u0440\u043a\u0430\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0440\u0442\u043e\u0432.\n\n\u0417\u0430\u0432\u0435\u0440\u0448\u0438\u0432 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0447\u0430\u0441\u0442\u043e \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438/\u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u044f\u043b\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432, \u0447\u0442\u043e\u0431\u044b \u0443\u043d\u0438\u0447\u0442\u043e\u0436\u0438\u0442\u044c \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0441\u0432\u043e\u0435\u0439 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0447\u0442\u043e\u0431\u044b \u0435\u0449\u0435 \u0431\u043e\u043b\u044c\u0448\u0435 \u0441\u043a\u0440\u044b\u0442\u044c \u0441\u0432\u043e\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0438 \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f.\n\n\u0412 \u0441\u0432\u043e\u0435\u0439 \u0440\u0430\u0431\u043e\u0442\u0435 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0435 \u0430\u043a\u0442\u043e\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043d\u0430\u0431\u043e\u0440 \u043e\u0431\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 2020 \u0433\u043e\u0434\u0430, \u0441\u0440\u0435\u0434\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445: Cisco (CVE-2018-0171, CVE-2019-15271, CVE-2019-1652), Citrix (CVE-2019-19781), D-Link (CVE-2019-16920), Fortinet (CVE-2018-13382), MikroTik (CVE-2018-14847), Netgear (CVE-2017-6862), Pulse (CVE-2019-11510, CVE-2021-22893), QNAP (CVE-2019-7192-7195), Zyxel (CVE-2020-29583) \u0438 \u0434\u0440. \n\n\u042d\u0442\u043e\u0442 \u043c\u0435\u0442\u043e\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0437\u0430\u043f\u0438\u0441\u044f\u043c \u0436\u0435\u0440\u0442\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 PoC, \u0431\u0435\u0437 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0432\u043e\u0435\u0433\u043e \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u043e\u0442\u043b\u0438\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u043b\u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 RouterSploit \u0438 RouterScan \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432, \u0447\u0442\u043e\u0431\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0442\u044c \u043c\u0430\u0440\u043a\u0438, \u043c\u043e\u0434\u0435\u043b\u0438 \u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\u00a0\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0441\u043b\u0443\u0436\u0431, \u0442\u0430\u043a\u0430\u044f \u0442\u0430\u043a\u0442\u0438\u043a\u0430 \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0430 \u0410\u0420\u0422 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043e\u0431\u0448\u0438\u0440\u043d\u044b\u0435 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u044b\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u043c\u043e\u0449\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u043a\u0440\u0443\u0433 \u0446\u0435\u043b\u0435\u0439 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438 \u0447\u0430\u0441\u0442\u043d\u043e\u0433\u043e \u0441\u0435\u043a\u0442\u043e\u0440\u043e\u0432 \u0421\u0428\u0410.\n\n\u0410\u0431\u0441\u0442\u0440\u0430\u0433\u0438\u0440\u0443\u044f\u0441\u044c \u043e\u0442 \u043f\u043e\u043b\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0430\u043d\u0433\u0430\u0436\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u0439, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044e \u0431\u0443\u0434\u0443\u0442 \u0432\u043e\u0441\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u044b \u0432\u043d\u0435 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0444\u0430\u043a\u0442\u0443\u0440\u044b \u0441\u0430\u043c\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430. \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u044c\u0441\u044f (\u0437\u0434\u0435\u0441\u044c).", "creation_timestamp": "2022-06-08T19:35:04.000000Z"}, {"uuid": "0a344efc-b751-4bec-83c8-c089c7e101cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20264", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T18:37:43.000000Z"}, {"uuid": "a541a375-fc96-4cb2-8820-dd6def6d5bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29587", "type": "seen", "source": "https://t.me/cibsecurity/22158", "content": "\u203c CVE-2020-29587 \u203c\n\nSimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html() function to directly append the payload to a dialog.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-14T18:49:37.000000Z"}, {"uuid": "20854ad5-5023-47d6-be64-53d3b8b5ca0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "https://t.me/cibsecurity/21192", "content": "\u203c CVE-2020-29583 \u203c\n\nFirmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T00:53:54.000000Z"}, {"uuid": "2a2c499a-8546-4b5d-a9a2-3a9f169b90d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20352", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T20:35:37.000000Z"}, {"uuid": "c3ac0ee8-3382-4bc0-9642-14080b827bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20342", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T20:25:32.000000Z"}, {"uuid": "4e135be9-f7a0-49f0-a6a1-75293fd919f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20409", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T22:04:24.000000Z"}, {"uuid": "5292b114-a6c5-4494-9d70-c96f32d31c4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20322", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T20:24:31.000000Z"}, {"uuid": "b3e7f101-223d-489c-8b00-c8a85e422ffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20449", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T22:25:08.000000Z"}, {"uuid": "bca8fb85-c3c7-46d4-a26a-6ad4c957c452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20372", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T20:45:52.000000Z"}, {"uuid": "d0b8d05d-a3a0-4c6f-bc47-2c86c472d15d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20429", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T22:10:36.000000Z"}, {"uuid": "1fd1878e-0bfd-4916-b5f0-c9e7a69fbd15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20391", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T21:25:10.000000Z"}, {"uuid": "634cb9ca-4c59-4c65-a492-3a319298bded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20284", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T19:25:30.000000Z"}, {"uuid": "ce529c38-6604-49db-a255-0ef2bb73d408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29589", "type": "seen", "source": "https://t.me/cibsecurity/20303", "content": "\u203c CVE-2020-29589 \u203c\n\nVersions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T19:34:38.000000Z"}, {"uuid": "2e719696-415a-4bf4-b8fd-f0f22332c762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29581", "type": "seen", "source": "https://t.me/cibsecurity/17251", "content": "\u203c CVE-2020-29581 \u203c\n\nThe official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-08T18:31:09.000000Z"}, {"uuid": "b56f88af-020b-4422-93b6-c94b94c01227", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29580", "type": "seen", "source": "https://t.me/cibsecurity/17246", "content": "\u203c CVE-2020-29580 \u203c\n\nThe official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-08T18:31:04.000000Z"}, {"uuid": "02609509-6f61-4977-964d-638a35ae0c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2605", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (january 1-31)\nCVE-2021-3156:\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2020-16875:\nhttps://t.me/cybersecuritytechnologies/1751\nCVE-2020-29583:\nhttps://t.me/cybersecuritytechnologies/2386\nCVE-2021-2109:\nhttps://t.me/cybersecuritytechnologies/2540\nCVE-2020-17519:\nhttps://t.me/cybersecuritytechnologies/2473\nCVE-2020-25684/25685/25686:\nhttps://t.me/cybersecuritytechnologies/2534\nCVE-2021-3011:\nhttps://t.me/cybersecuritytechnologies/2447", "creation_timestamp": "2025-01-04T20:01:45.000000Z"}, {"uuid": "70305150-bec4-46e0-8008-3534ce237b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29583", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2386", "content": "#exploit\nCVE-2020-29583:\nUndocumented user account in Zyxel USG/USG FLEX, ATP, VPN, ZyWALL\nhttps://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html\n]-&gt; PoC:\nUsername: zyfwp\nPassword: PrOw!aN_fXp", "creation_timestamp": "2024-10-09T20:07:12.000000Z"}]}