ZyXEL Prestige 650HW 'rpFWUpload.html' Lets Remote Users Reset the Configuration
|
|
SecurityTracker Alert ID: 1012298 |
|
SecurityTracker URL: http://securitytracker.com/id/1012298
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Updated: Nov 26 2004
|
Original Entry Date: Nov 22 2004
|
Impact:
Modification of system information
|
Exploit Included: Yes
|
Version(s): 650HW, 623, 645, 652; ZyNOS software version 3.40(GJ.4)
|
Description:
A vulnerability was reported in the ZyXEL Prestige 650HW router. A remote user can reset the configuration.
Francisco Jose Canela reported that when the HTTP administration interface is enabled, a remote user can access the following URL and click the 'Reset' button to reset the router's configuration:
http://[target]/rpFWUpload.html
Steve Clement reported that models 623 and 652 are also affected. Laurent Papier reported that model 645 is affected running version 3.40(GJ.4) dated 4/12/2004.
|
Impact:
A remote user can reset the router's configuration.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.zyxel.com/ (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
None.
|
Source Message Contents
|
Subject: Router ZyXEL Prestige 650 HW http remote admin.
|
Hi, I found a bug in ZyXEL Prestige 650 HW Routers with Http Remote Administration active.
Exploting this bug, the attacker can reset the router configurantion.
The "/rpFWUpload.html" is not password protected. To exploit this bug you only need write that:
http://[Router ip]/rpFWUpload.html
and click the Reset button.
Sorry if this post is misspelling... but I'm from Spain and my english level is poor...
____________
|
|
