| VID |
29106 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The ZyXEL Prestige router HTTP service has a default username/password combination. It has been reported that the administration interface on some ZyXEL devices, including the 642 and 645 series, is remotely accessible and pre-set with a default username and password. A remote attacker with knowledge of this account could connect to an affected device using the web interface to gain unauthorized access and reconfigure the device.
* References:
http://archives.neohapsis.com/archives/bugtraq/2003-01/0237.html
* Platforms Affected:
ZyXEL Communications Company, ZyXEL Prestige 642 and 645 Series |
| Recommendation |
Set up the default password to a value that is difficult to guess immediately. |
| Related URL |
CVE-1999-0571,CVE-2001-1135 (CVE) |
| Related URL |
6671 (SecurityFocus) |
| Related URL |
11140 (ISS) |
|
