lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <41A3D176.9010107@ion.lu>
Date: Wed, 24 Nov 2004 01:10:30 +0100
From: Steve Clement <steve@....lu>
To: "Francisco \"José\" Canela" <darkydelphi@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Router ZyXEL Prestige 650 HW http remote admin.


Francisco José Canela wrote:

>Hi, I found a bug in ZyXEL Prestige 650 HW Routers with Http Remote Administration active. 
>
>  
>
Prestige 623/652 are also vulnerable which is very sad, have you 
contacted Zyxel about it? If so, how patient have you been?
This is really annoying because it is really easy to "exploit" and 
without a working firmware I will have to disable the Web Management on 
all my remote clients because it is "usuallly" on by default.

jeers,

Steve C

>Exploting this bug, the attacker can reset the router configurantion.
>
>The "/rpFWUpload.html" is not password protected. To exploit this bug you only need write that:
>
>http://[Router ip]/rpFWUpload.html
>
>and click the Reset button.
>
>
>Sorry if this post is misspelling... but I'm from Spain and my english level is poor...
>  
>

Powered by blists - more mailing lists