
ZyXEL Gateways Vulnerability Research:

This paper is the result of various security assessments performed on 
several ZyXEL Prestige devices in both a controlled environment 
(computer lab) and production environments during several penetration tests.

There are two types of attacks featured in this paper which we believe 
might be potentially new:

- Persistent XSS via SNMP
- Remote wardriving over the Internet

Additionally, the paper is full of other goodies such as:

- Privilege escalation: it allows retrieving administrative settings 
(i.e.: WEP key, ISP and dynamic DNS credentials) and also altering such 

- SNMP read and SNMP *write* access enabled by default: we not only 
demonstrate how to change settings but also show how to obtain the 
credentials for the Dynamic DNS service in cleartext

- Poor session management allows hijacking of admin sessions

- Authentication vulnerable to replay and password cracking attacks

- Disclosure of credentials: several types of credentials travel in the 
clear when being submitted by the user, and also when being returned 
from the web interface back to the browser 
