CVE-2020-29299

Name: CVE-2020-29299
Creator: NVD / NIST
Published: 2020-12-27T06:15:12.447+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.2/10EPSS 2.34%

Last modified Jun 17, 2026

CVE-2020-29299 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.. EPSS estimates a 2.34% chance of exploitation in the next 30 days.

Description

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.

Metrics

CVSS 3.1

7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.34%

81.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-77

Affected Software

Vendor	Product	Versions
Zyxel	Vpn Orchestrator	< 10.03
Zyxel	Zld	< 4.39
Zyxel	Zld	< 4.55
Zyxel	Nsg Firmware	< 1.33
Zyxel	Nsg Firmware	1.33
Zyxel	Usg Flex Firmware	All versions

References

https://www.zyxel.com/support/Zyxel-security-advisory-for-command-injection-vulnerability-of-firewalls.shtmlVendor Advisory
https://www.zyxel.com/us/en/support/security_advisories.shtmlVendor Advisory
https://www.zyxel.com/support/Zyxel-security-advisory-for-command-injection-vulnerability-of-firewalls.shtmlVendor Advisory
https://www.zyxel.com/us/en/support/security_advisories.shtmlVendor Advisory

Timeline

Published: Dec 27, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-29299?

How severe is CVE-2020-29299?

CVE-2020-29299 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 2.34% probability of exploitation in the next 30 days.

How do I fix CVE-2020-29299?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-29299?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST