|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Daniel Roethlisberger (daniel
roe.ch)Date: Wed Aug 15 2001 - 13:47:02 CDT
I've received word that the ZyXEL Prestige 202 router has its
administrative telnet/FTP services open on the WAN side too, and
preconfigured filters are not applied and do not work properly if
applied as-is. In addition, I was able to check out an oldish
Prestige 100, and it too was vulnerable, same situation.
I suspect that the vast majority of ZyXEL Prestige family routers
have this problem. It is less of a problem with non-DSL routers
that are not online 24/7, but it is still dangerous enough in any
case. The issue must have been around for years...
The latest vulnerability info for BID 3161 is now:
Vulnerable:
ZyXEL Prestige 100
ZyXEL Prestige 202
ZyXEL Prestige 642R
ZyXEL Prestige 642R-I
Not Vulnerable:
ZyXEL Prestige 642M
ZyXEL Prestige 642M-I
If you have access to a ZyXEL router, check whether admin services
are open to the Internet, and let me know about the results. Thanks.
Cheers,
Dan
-- Daniel Roethlisberger <daniel
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]