Re: Router ZyXEL Prestige 650 HW http remote admin.

To: "Francisco \"José\" Canela" <darkydelphi@xxxxxxxxx>
Subject: Re: Router ZyXEL Prestige 650 HW http remote admin.
From: Steve Clement <steve@xxxxxx>
Date: Wed, 24 Nov 2004 01:10:30 +0100
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20041121224249.26481.qmail@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20041121224249.26481.qmail@xxxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 0.8 (Windows/20040913)

Francisco José Canela wrote:

Hi, I found a bug in ZyXEL Prestige 650 HW Routers with Http Remote Administration active.

Prestige 623/652 are also vulnerable which is very sad, have youcontacted Zyxel about it? If so, how patient have you been?This is really annoying because it is really easy to "exploit" andwithout a working firmware I will have to disable the Web Management onall my remote clients because it is "usuallly" on by default.


jeers,

Steve C

Exploting this bug, the attacker can reset the router configurantion.

The "/rpFWUpload.html" is not password protected. To exploit this bug you only 
need write that:

http://[Router ip]/rpFWUpload.html

and click the Reset button.


Sorry if this post is misspelling... but I'm from Spain and my english level is 
poor...

References:
- Router ZyXEL Prestige 650 HW http remote admin.
  - From: José

Prev by Date: Re: Changes to the filesystem while find is running - comments?
Next by Date: Prozilla Remote Exploit
Previous by thread: Re: Router ZyXEL Prestige 650 HW http remote admin.
Next by thread: PHPKIT SQL Injection, XSS
Index(es):
- Date
- Thread