PT-2008-1001 · Quagga+1 · Quagga+3

Pranav Joshi · Published 2008-03-24 · Updated 2024-02-14 · CVE-2008-1160

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ZyXEL ZyWALL 1050 (affected versions not specified)
ZyXEL ZyWALL USG 300 (affected versions not specified)

Description

The ZyXEL ZyWALL firewall/router operating system uses a hard-coded password for the Quagga and Zebra processes. This password is not changed when a user sets a new password, so the Quagga and Zebra processes continue to respond to requests formed with the old password, allowing remote attackers to gain privileges by using it.

Recommendations

For ZyXEL ZyWALL 1050, consider disabling the Quagga and Zebra processes until a patch is available to prevent remote attackers from gaining privileges. For ZyXEL ZyWALL USG 300, restrict access to the system to minimize the risk of exploitation by remote attackers using the old password. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2014-00048
CVE-2008-1160

Affected Products

Quagga
Zebra
ZyWALL 1050
ZyWALL USG 300