PT-2004-2448 · Zyxel · Zyxel Prestige

Published

2004-12-31

Updated

2017-07-11

CVE-2004-1540

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ZyXEL Prestige versions 623, 650, and 652

Description The issue allows remote attackers to reset the router configuration file without a password when HTTP Remote Administration is enabled. This is due to the lack of password requirement to access the rpFWUpload.html file.

Recommendations For versions 623, 650, and 652, consider disabling HTTP Remote Administration until a fix is available to prevent unauthorized access to the router configuration.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1540

Affected Products

Zyxel Prestige

PT-2004-2448 · Zyxel · Zyxel Prestige

CVE-2004-1540

Related Identifiers

Affected Products

References · 9