Info

Disclosure

Nov 21, 2004

Discovery

Unknown

Dates

Exploit

Nov 21, 2004

Solution

Unknown

Description

Several ZyXEL Prestige devices contains a flaw that may allow a malicious user to reset the device to its default configuration. The issue is triggered when getting through the Web interface the rpFWUpload.html web page, which is not restricted, and then clicking on the reset button. It is possible that the flaw may allow the attacker to reset the device configuration resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Integrity
Exploit: Exploit Available
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

ZyXEL Communications Corporation	Prestige 623	Unknown or Unspecified
	Prestige 650H	Unknown or Unspecified
	Prestige 652	Unknown or Unspecified
	Prestige 645R-A1	Unknown or Unspecified
	Firmware ZyNOS	IS.5
		IS.3
		3.40
	Prestige 650R	Unknown or Unspecified
	Prestige 650HW-31	Unknown or Unspecified

References

Bugtraq ID: 11723
ISS X-Force ID: 18202
Secunia Advisory ID: 13278
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0274.html
http://archives.neohapsis.com/archives/bugtraq/2004-11/0313.html
http://archives.neohapsis.com/archives/bugtraq/2004-11/0331.html
CVE ID: 2004-1540 (see also: NVD)
Security Tracker: 1012298
Vendor URL: http://www.zyxel.com

Credit

Francisco José Canela - darkydelphigmail.com -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

ZyXEL Communications Corporation

Prestige 623

Prestige 650H

Prestige 652

Prestige 645R-A1

Firmware ZyNOS

Prestige 650R

Prestige 650HW-31

References

Credit