zyxel prestige Security Vulnerabilities

6 Vulnerabilities

Description
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. Impacted versions: 642r Base Score: 7.5, Severity: HIGH, ID: CVE-2001-1135, Last Modified: 2017-12-19T02:29:00Z References Vendor Advisory Vendor Advisory Vendor Advisory
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. Impacted versions: 650hw, 650hw_31, 645r_a1, 650r, 650h Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-1540, Last Modified: 2017-07-11T01:31:00Z References Vendor Advisory Exploit Exploit
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network. Impacted versions: 681 Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-1684, Last Modified: 2017-07-11T01:31:00Z References Vendor Advisory
Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password. Impacted versions: 650r_11, 650hw_31 Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-0670, Last Modified: 2017-07-11T01:30:00Z References Vendor Advisory
ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet. Impacted versions: 310, 642r Base Score: 5.0, Severity: MEDIUM, ID: CVE-2002-1072, Last Modified: 2008-09-05T20:29:00Z References Vendor Advisory Exploit Exploit
ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set. Impacted versions: 310, 642r Base Score: 5.0, Severity: MEDIUM, ID: CVE-2002-1071, Last Modified: 2008-09-05T20:29:00Z References Patch Patch Exploit Exploit Exploit

Description

ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.

Impacted versions: 642r

Base Score: 7.5, Severity: HIGH, ID: CVE-2001-1135, Last Modified: 2017-12-19T02:29:00Z

References

Vendor Advisory Vendor Advisory Vendor Advisory

ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.

Impacted versions: 650hw, 650hw_31, 645r_a1, 650r, 650h

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-1540, Last Modified: 2017-07-11T01:31:00Z

References

Vendor Advisory Exploit Exploit

Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.

Impacted versions: 681

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-1684, Last Modified: 2017-07-11T01:31:00Z

References

Vendor Advisory

Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password.

Impacted versions: 650r_11, 650hw_31

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-0670, Last Modified: 2017-07-11T01:30:00Z

References

Vendor Advisory

ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet.

Impacted versions: 310, 642r

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2002-1072, Last Modified: 2008-09-05T20:29:00Z

References

Vendor Advisory Exploit Exploit

ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set.

Impacted versions: 310, 642r

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2002-1071, Last Modified: 2008-09-05T20:29:00Z

References

Patch Patch Exploit Exploit Exploit

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.