Bugtraq mailing list archives

BID 3161: other ZyXEL Prestige routers affected too

From: Daniel Roethlisberger <daniel () roe ch>
Date: Wed, 15 Aug 2001 20:47:02 +0200


I've received word that the ZyXEL Prestige 202 router has its
administrative telnet/FTP services open on the WAN side too, and
preconfigured filters are not applied and do not work properly if
applied as-is. In addition, I was able to check out an oldish
Prestige 100, and it too was vulnerable, same situation.

I suspect that the vast majority of ZyXEL Prestige family routers
have this problem. It is less of a problem with non-DSL routers
that are not online 24/7, but it is still dangerous enough in any
case. The issue must have been around for years...

The latest vulnerability info for BID 3161 is now:

Vulnerable:
  ZyXEL Prestige 100
  ZyXEL Prestige 202
  ZyXEL Prestige 642R
  ZyXEL Prestige 642R-I

Not Vulnerable:
  ZyXEL Prestige 642M
  ZyXEL Prestige 642M-I

If you have access to a ZyXEL router, check whether admin services
are open to the Internet, and let me know about the results. Thanks.

Cheers,
Dan


-- 
   Daniel Roethlisberger <daniel () roe ch>
   PGP Key ID 0x8DE543ED with fingerprint
   6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED

Current thread:

BID 3161: other ZyXEL Prestige routers affected too Daniel Roethlisberger (Aug 15)
- RE: BID 3161: other ZyXEL Prestige routers affected too Tracy Martin (Aug 15)