Zyxel routers install with a default password. The administrative account has a password of 1234, which is publicly known and documented. This allows attackers to trivially access the program or system.
Classification
Location: Local / Remote
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Solution: Workaround
Exploit: Exploit Public
Disclosure: Third-party Verified
OSVDB: Web Related
Solution
Immediately after installation, change every default install password to a unique and secure password. When possible, change default account names to custom names as well.