Thursday, 15 October 2015

ZyXEL Routers Vulnerable To Password '1234'

Several routers from manufacturer ZyXEL contain multiple vulnerabilities, including a weak default password, that allow remote attackers to gain access to the devices, according to the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.

The first problem concerns the default password "1234" for the administrator account on the ZyXEL P-660HW-T1 v2, PMG5318-B20A and NBG-418N. The last of these models is also sold in the Netherlands. Many more models share the same password. In addition, the P-660HW-T1 v2 is vulnerable to cross-site scripting.

The PMG5318-B20A does not properly validate user input, which allows an attacker to execute commands with root privileges, and the router also does not log users out properly. Even after a user has logged off, the session remains active for at least one hour, during which an attacker can abuse it. Nor does the PMG5318-B20A restrict the normal user account, so a normal user has full administrative access instead of limited access.

ZyXEL has fixed some of the problems through firmware updates and will address some of the other vulnerabilities this month. In addition, certain models are no longer supported. Regarding the weak default password "1234", ZyXEL advises users to change the password after the first login. On various models, setting a new password is reportedly now required.
