ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Prestige | Zyxel | 645r_a1 (including) | 645r_a1 (including) |
Prestige | Zyxel | 650h (including) | 650h (including) |
Prestige | Zyxel | 650hw (including) | 650hw (including) |
Prestige | Zyxel | 650hw_31 (including) | 650hw_31 (including) |
Prestige | Zyxel | 650r (including) | 650r (including) |
Zynos | Zyxel | 3.40 (including) | 3.40 (including) |
Zynos | Zyxel | is.3 (including) | is.3 (including) |
Zynos | Zyxel | is.5 (including) | is.5 (including) |