592 : ZyXEL Multiple Routers Default Administrator Password
Printer | http://osvdb.org/592 | Email This | Edit Vulnerability

Views This Week

178

Views All Time

4809

Info

Last Modified

4 months ago

Percent Complete

90%

Disclosure

Sep 12, 2002

Discovery

Unknown

Dates

Exploit

Sep 12, 2002

Solution

Unknown

Description

By default, Zyxel routers install with a default password. The administrative account has a password of 1234 which is publicly known and documented. This allows attackers to trivially access the program or system.

Classification

Location: Local / Remote
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Solution: Workaround
Exploit: Exploit Available
Disclosure: Third Party Verified
OSVDB: Web Related

Solution

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Products

ZyXEL Communications Corporation	Prestige	100
		202
		642R
		642R-I

References

Bugtraq ID: 3161
Generic Informational URL: http://www.cirt.net/cgi-bin/passwd.pl?method=showven&ven=Zyxel
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2001-08/0101.html
http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
ISS X-Force ID: 6968
CVE ID: 1999-0571 (see also: NVD)
Vendor URL: http://www.zyxel.com/

Tools & Filters

Nessus	10714 17304

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

ZyXEL Communications Corporation

Prestige

References

Tools & Filters

Credit

Blogs

Comments