Category:   Device (Router/Bridge/Hub)  >   Prestige Router (ZyXEL)
Vendors:   ZyXEL Communications Corp.
ZyXEL Prestige 650HW 'rpFWUpload.html' Lets Remote Users Reset the Configuration
SecurityTracker Alert ID:  1012298
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Nov 26 2004
Original Entry Date:  Nov 22 2004
Impact:   Modification of system information
Exploit Included:  Yes  
Version(s): 650HW, 623, 645, 652; ZyNOS software version 3.40(GJ.4)
Description:   A vulnerability was reported in the ZyXEL Prestige 650HW router. A remote user can reset the configuration.

Francisco Jose Canela reported that when the HTTP administration interface is enabled, a remote user can access the following URL and click the 'Reset' button to reset the router's configuration:


Steve Clement reported that models 623 and 652 are also affected. Laurent Papier reported that model 645 is affected running version 3.40(GJ.4) dated 4/12/2004.

Impact:   A remote user can reset the router's configuration.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Access control error

Message History:   None.

 Source Message Contents

Subject:  Router ZyXEL Prestige 650 HW http remote admin.

Hi, I found a bug in ZyXEL Prestige 650 HW Routers with HTTP Remote Administration active.

Exploiting this bug, the attacker can reset the router configuration.

The "/rpFWUpload.html" is not password protected. To exploit this bug you only need to write this:

http://[Router ip]/rpFWUpload.html

and click the Reset button.

Sorry if this post is misspelled... but I'm from Spain and my English level is poor...
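
To audit a router you administer for the exposure described above, the following added example (not part of the original post or of any ZyXEL code) sends a single unauthenticated GET for the page and classifies the reply. The verdict names, the 401/403/redirect behaviour for protected pages, and the "Reset" body marker are assumptions made for illustration.

```python
"""Added audit example: is /rpFWUpload.html served without credentials?"""
import http.client
import sys

PAGE = "/rpFWUpload.html"  # path named in the advisory


def classify(status, body):
    """Turn the reply to an unauthenticated GET into a verdict.

    Assumptions (not from the advisory): a protected page answers
    401/403 or redirects to a login page, and the exposed page contains
    the word "Reset" (the advisory only says it has a 'Reset' button).
    """
    if status in (401, 403):
        return "protected"
    if 300 <= status < 400:
        return "redirected"    # check by hand that the target is a login page
    if status == 404:
        return "absent"
    if 200 <= status < 300:
        # A login form returned with 200 must not be reported as exposed.
        return "exposed" if "reset" in body.lower() else "review"
    return "inconclusive"


def probe(host, port=80, timeout=5.0):
    """Send one GET with no credentials; nothing is submitted to the device."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PAGE)
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1", errors="replace")
        return classify(resp.status, body)
    except (OSError, http.client.HTTPException):
        return "unreachable"
    finally:
        conn.close()


if __name__ == "__main__" and len(sys.argv) == 2:
    print(sys.argv[1], probe(sys.argv[1]))
```

Run it against the management address from each network segment that should not reach the admin interface; any result other than "protected", "absent" or "unreachable" warrants a manual look.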


