Info

Disclosure

Nov 21, 2004

Discovery

Unknown

Dates

Exploit

Nov 21, 2004

Solution

Unknown

Description

Several ZyXEL Prestige devices contains a flaw that may allow a malicious user to reset the device to its default configuration. The issue is triggered when getting through the Web interface the rpFWUpload.html web page, which is not restricted, and then clicking on the reset button. It is possible that the flaw may allow the attacker to reset the device configuration resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

ZyXEL Communications Corporation	Firmware ZyNOS	IS.5
		IS.3
		3.40
	Prestige 623	Unknown or Unspecified
	Prestige 652	Unknown or Unspecified
	Prestige 650R	Unknown or Unspecified
	Prestige 650HW-31	Unknown or Unspecified
	Prestige 650H	Unknown or Unspecified
	Prestige 645R-A1	Unknown or Unspecified

References

Security Tracker: 1012298
Bugtraq ID: 11723
Secunia Advisory ID: 13278
ISS X-Force ID: 18202
CVE ID: 2004-1540 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0274.html
http://archives.neohapsis.com/archives/bugtraq/2004-11/0313.html
http://archives.neohapsis.com/archives/bugtraq/2004-11/0331.html
Vendor URL: http://www.zyxel.com

Credit

Francisco José Canela - darkydelphigmail.com -

Direct URL: http://osvdb.org/12108

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

ZyXEL Communications Corporation

Firmware ZyNOS

Prestige 623

Prestige 652

Prestige 650R

Prestige 650HW-31

Prestige 650H

Prestige 645R-A1

References

Credit