What is the severity of CVE-2020-13365?

The severity of CVE-2020-13365 is critical with a severity value of 8.8.

How can a non-root user generate a password for an undocumented user account on the affected Zyxel products?

A non-root user can generate a password for an undocumented user account using a locally accessible binary on the affected Zyxel products.

Can the generated password be used for a TELNET session as root?

Yes, the generated password can be used for a TELNET session as root.

Where can I find more information about CVE-2020-13365?

You can find more information about CVE-2020-13365 on the Zyxel security advisory and security advisories page.

Vulnerability/
CVE-2020-13365

critical

CWE

287

6/8/2020

4/8/2024

CVE-2020-13365

Q: Which Zyxel products are affected by CVE-2020-13365?

Zyxel NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0.

First published: Thu Aug 06 2020(Updated: )

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zyxel NAS326 firmware	<v5.21\(aazf.9\)c0
Zyxel NAS326
Zyxel Nas520 Firmware	<v5.21\(aasz.5\)c0
Zyxel Nas520
Zyxel Nas540 Firmware	<v5.21\(aatb.6\)c0
Zyxel Nas540
Zyxel Nas542 Firmware	<v5.21\(abag.6\)c0
Zyxel NAS542

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

Which Zyxel products are affected by CVE-2020-13365?
Zyxel NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0.
What is the severity of CVE-2020-13365?
The severity of CVE-2020-13365 is critical with a severity value of 8.8.
How can a non-root user generate a password for an undocumented user account on the affected Zyxel products?
A non-root user can generate a password for an undocumented user account using a locally accessible binary on the affected Zyxel products.
Can the generated password be used for a TELNET session as root?
Yes, the generated password can be used for a TELNET session as root.
Where can I find more information about CVE-2020-13365?
You can find more information about CVE-2020-13365 on the Zyxel security advisory and security advisories page.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/description
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/zyxel
canonical/zyxel nas326 firmware
canonical/zyxel nas326
canonical/zyxel nas520 firmware
canonical/zyxel nas520
canonical/zyxel nas540 firmware
canonical/zyxel nas540
canonical/zyxel nas542 firmware
canonical/zyxel nas542

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.