Category:   Device (Router/Bridge/Hub)  >   ZyXEL Wireless Router
Vendors:   ZyXEL Communications Corp.
ZyXEL NBG-418N Wireless Router Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks and Gain Administrative Access
SecurityTracker Alert ID:  1034554
SecurityTracker URL:  http://securitytracker.com/id/1034554
CVE Reference:   CVE-2015-6016, CVE-2015-7283, CVE-2015-7284
Date:  Jan 2 2016
Impact:   Modification of user information, User access via network
Vendor Confirmed:  Yes  
Version(s): Model NBG-418N; firmware version 1.00(AADZ.3)C0
Description:   Several vulnerabilities were reported in ZyXEL Wireless Router model NBG-418N. A remote user can conduct cross-site request forgery attacks. A remote user can gain access to the target system.

A remote user can create a specially crafted HTML page or URL that, when loaded by the target authenticated user, will take actions on the target interface acting as the target user [CVE-2015-7284].

The original advisory is available at:

https://www.kb.cert.org/vuls/id/330000

The system uses a default password of '1234' for the 'admin' account. A remote user can gain administrative access to the target system [CVE-2015-6016, CVE-2015-7283].

The original advisory is available at:

https://www.kb.cert.org/vuls/id/870744

Joel Land of the CERT/CC reported these vulnerabilities.

Impact:   A remote user can take actions on the target system acting as the target authenticated user.

A remote user can gain administrative access to the target system.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.zyxel.com/
Cause:   Access control error, Configuration error, Input validation error

Message History:   None.

