ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Prestige_660 | Zyxel | h-d1 (including) | h-d1 (including) |
| Prestige_660 | Zyxel | h-d3 (including) | h-d3 (including) |
| Prestige_661 | Zyxel | hw-d1 (including) | hw-d1 (including) |
| Zynos | Zyxel | 3.40-agd.2 (including) | 3.40-agd.2 (including) |
| Zynos | Zyxel | 3.40-agl.3 (including) | 3.40-agl.3 (including) |
| Zynos | Zyxel | 3.40-ahq.0 (including) | 3.40-ahq.0 (including) |
| Zynos | Zyxel | 3.40-ahq.3 (including) | 3.40-ahq.3 (including) |
| Zynos | Zyxel | 3.40-ahz.0 (including) | 3.40-ahz.0 (including) |
| Zynos | Zyxel | 3.40-atm.0 (including) | 3.40-atm.0 (including) |
References
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41513
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41513