Network Security: Detailed info on Re: Router ZyXEL Prestige 650 HW http remote admin.

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: Router ZyXEL Prestige 650 HW http remote admin.

from [Steve Clement] Network Security

[Permanent Link]

Subject:	Re: Router ZyXEL Prestige 650 HW http remote admin.
Date:	Wed, 24 Nov 2004 01:10:30 +0100

Francisco José Canela wrote:

Hi, I found a bug in ZyXEL Prestige 650 HW Routers with Http Remote Administration active.

Prestige 623/652 are also vulnerable which is very sad, have you contacted Zyxel about it? If so, how patient have you been? This is really annoying because it is really easy to "exploit" and without a working firmware I will have to disable the Web Management on all my remote clients because it is "usuallly" on by default.

jeers,

Steve C

Exploting this bug, the attacker can reset the router configurantion.

The "/rpFWUpload.html" is not password protected. To exploit this bug you only 
need write that:

http://[Router ip]/rpFWUpload.html

and click the Reset button.

Sorry if this post is misspelling... but I'm from Spain and my english level is poor...

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Router ZyXEL Prestige 650 HW http remote admin., Josi Re: Router ZyXEL Prestige 650 HW http remote admin., Hugo van der Kooij Re: Router ZyXEL Prestige 650 HW http remote admin., Laurent Papier Re: Router ZyXEL Prestige 650 HW http remote admin., Steve Clement <=

Previous by Date:	Re: Changes to the filesystem while find is running - comments?, Casper . Dik
Next by Date:	[Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Berend-Jan Wever
Previous by Thread:	Re: Router ZyXEL Prestige 650 HW http remote admin., Laurent Papier
Next by Thread:	PHPKIT SQL Injection, XSS, Steve
Indexes:	[Date] [Thread] [Top] [All Lists]