CVE-2020-24355

9.8 CRITICAL

📋 TL;DR

This vulnerability in Zyxel VMG5313-B30B routers allows regular users to create new accounts with administrative privileges by manipulating JSON parameters during account creation. Attackers can exploit insecure permissions to gain full control of affected routers. This affects routers running firmware version 5.13(ABCJ.6)b3_1127 and possibly older versions.

💻 Affected Systems

Products:
  • Zyxel VMG5313-B30B router
Versions: Firmware 5.13(ABCJ.6)b3_1127 and possibly older versions
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user-level access to exploit; similar vulnerability may exist in account deletion functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the router with administrative access, enabling traffic interception, network pivoting, credential theft, and persistent backdoor installation.

🟠 Likely Case: Unauthorized administrative access leading to network surveillance, DNS hijacking, and credential harvesting from connected devices.

🟢 If Mitigated: Limited impact if proper network segmentation and access controls prevent lateral movement from compromised routers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing user credentials; detailed technical analysis available in referenced blog posts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zyxel security advisories for latest patched firmware

Vendor Advisory: https://www.zyxel.com/support/security_advisories.shtml

Restart Required: Yes

Instructions:

1. Check the current firmware version.
2. Download the latest firmware from the Zyxel support portal.
3. Upload the firmware via the router admin interface.
4. Apply the update and restart the router.

🔧 Temporary Workarounds

Disable remote management (applies to: all): Prevent external access to the router administration interface.

Restrict user account creation (applies to: all): Limit who can create new user accounts on the router.

🧯 If You Can't Patch

  • Segment router management interface to isolated VLAN
  • Implement strict firewall rules limiting access to router administration ports

🔍 How to Verify

Check if Vulnerable:

Check firmware version via router admin interface; if version is 5.13(ABCJ.6)b3_1127 or older, assume vulnerable.

Check Version:

Log in to the router admin interface and check the System Information or Firmware Status page.

Verify Fix Applied:

Verify firmware version has been updated to patched version from Zyxel advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user account creation events
  • Multiple failed login attempts followed by successful account creation
  • Administrative actions from non-admin user accounts

Network Indicators:

  • Unusual outbound connections from router
  • DNS configuration changes
  • Unexpected administrative traffic to router

SIEM Query:

source="router_logs" AND (event="user_created" OR event="privilege_escalation")
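The one-line SIEM query above only matches on event names. The following is an added example (not from this page, Zyxel, or any referenced analysis) that applies the three log indicators listed above to constructed sample lines: it flags a non-admin account creating an admin-level account, admin actions taken directly by a non-admin account, and any later activity by an account that was created that way. The key=value log syntax, field names, and the ADMIN_ACTIONS set are assumptions; the real VMG5313-B30B log format may differ.

```python
import re

# Constructed sample events in an assumed key=value syslog style.
# The real Zyxel log format is not given on this page.
SAMPLE_LOG = """\
2020-11-27T10:00:01 src=192.168.1.20 user=guest level=user action=login result=ok
2020-11-27T10:00:09 src=192.168.1.20 user=guest level=user action=add_user target=svc1 target_level=user
2020-11-27T10:00:15 src=192.168.1.20 user=guest level=user action=add_user target=newadm target_level=admin
2020-11-27T10:00:20 src=192.168.1.20 user=newadm level=admin action=set_dns server=203.0.113.5
2020-11-27T10:01:02 src=192.168.1.2 user=admin level=admin action=add_user target=ops target_level=admin
"""

LINE_RE = re.compile(r"(?P<ts>\S+)\s+(?P<body>.*)")
# Assumed names for actions that should only ever come from an admin session.
ADMIN_ACTIONS = {"set_dns", "firmware_upload", "set_remote_mgmt"}


def parse_event(line):
    """Turn one key=value line into a dict; return None for lines that don't fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("body").split() if "=" in kv)
    fields["ts"] = m.group("ts")
    return fields


def find_suspicious(log_text):
    """Return (reason, event) pairs for events matching the log indicators.

    Accounts created with admin rights by a non-admin actor are remembered so
    that everything they do afterwards is surfaced too, even though the router
    itself now reports them as legitimate admins.
    """
    hits, tainted = [], set()
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        actor, level, action = ev.get("user"), ev.get("level"), ev.get("action")
        if action == "add_user" and ev.get("target_level") == "admin" and level != "admin":
            tainted.add(ev.get("target"))
            hits.append(("non-admin created admin account", ev))
        elif level != "admin" and action in ADMIN_ACTIONS:
            hits.append(("admin action by non-admin account", ev))
        elif actor in tainted:
            hits.append(("activity by account created via suspected escalation", ev))
    return hits
```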
