| VID | 29101 |
| Severity | 40 |
| Port | 80 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The ZyXEL Prestige router HTTP service allows unauthenticated access to router configuration pages. Prestige is a product line of DSL routers produced and distributed by ZyXEL. The ZyXEL Prestige router series is affected by an access validation vulnerability: the router firmware fails to restrict access to a configuration page that is part of the ZyXEL Prestige HTTP-based remote administration service. By accessing the affected page 'rpFWUpload.html', a remote attacker could use the functionality provided by this page to reset the router configuration or upload malicious firmware to the appliance. |
| References | http://www.securityfocus.com/archive/1/381835, http://www.zyxel.com/ |
| Platforms Affected | ZyXEL Prestige 645R-A1, ZyXEL Prestige 650H, ZyXEL Prestige 650HW, ZyXEL Prestige 650HW-31, ZyXEL Prestige 650R, ZyXEL ZyNOS IS.3, ZyXEL ZyNOS IS.5, ZyXEL ZyNOS V3.40(ES.5), ZyXEL Prestige 650R-11, ZyXEL ZyNOS 3.40.0 |
| Recommendation | No upgrade or patch available as of June 2014. If it is not needed, disable the HTTP remote administration service, or restrict access to allow only trusted hosts. |
| Related URL | (CVE) |
| Related URL | 11723 (SecurityFocus) |
| Related URL | (ISS) |