HTTP: ZyXEL Prestige 650 HW Router Information Leak
This signature detects attempts to access unprotected data on a ZyXEL Prestige 650 HW Router. Because the router firmware does not restrict access to a configuration page that is a part of the ZyXEL Prestige HTTP remote administration, attackers can remotely reset the router configuration.
Extended Description
ZyXEL Prestige router series is reported prone to an access validation vulnerability. The vulnerability exists because the firmware of the router fails to restrict access to a configuration page that is a part of the ZyXEL Prestige HTTP based remote administration service. A remote attacker may exploit this vulnerability to reset the configuration of the router.
Affected Products
Zyxel zynos,Zyxel prestige_650r
References
BugTraq: 11723
CVE: CVE-2004-1540
URL: http://www.zyxel.com/ http://www.securityfocus.com/archive/1/382231
Short Name
HTTP:INFO-LEAK:ZYXEL-PRESTIGE
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
650 CVE-2004-1540 HW Information Leak Prestige Router ZyXEL bid:11723
Release Date
03/07/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Zyxel
CVSS Score
5.0