Juniper Networks

Signature Detail


Short Name: FTP:EXPLOIT:ZYXEL-CONF-GET
Severity: High
Recommended: No
Recommended Action: Drop
Category: FTP
Keywords: Zyxel Configuration File Request
Release Date: 2003/04/22
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

FTP: Zyxel Configuration File Request


This signature detects attempts to exploit a known vulnerability in Zyxel Prestige 600 Series DSL CPE devices. With the default password, attackers can access and download device configuration files over FTP.

Extended Description

In the factory default configuration, Prestige routers expose the administrative Telnet and FTP services on the WAN interface. ZyXEL also uses a single common default administrator password. On a Prestige router with the default password still set, any user can connect remotely to change the configuration, upgrade the firmware, and change passwords.

Affected Products

  • ZyXEL Prestige 100
  • ZyXEL Prestige 202
  • ZyXEL Prestige 642R
  • ZyXEL Prestige 642R-I

References

  • BugTraq: 3161
  • CVE: CVE-1999-0571
  • URL: http://archives.neohapsis.com/archives/bugtraq/2001-08/0101.html
  • URL: http://xforce.iss.net/xforce/xfdb/6968

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.