ZyWALL Quagga and Zebra default password
| zywall-quagga-zebra-default-password (41424) |  High Risk |
Description:
ZyWALL contains a hard-coded default password for the Quagga and Zebra routing processes. A remote attacker could exploit this vulnerability to view or make unauthorized changes to routing configurations on the device.
Platforms Affected:
- ZyXEL, ZyWALL 1050
Remedy:
No remedy available as of August 30, 2008.
Consequences:
Gain Access
References:
- packet storm Web site, ZyXEL ZyWALL Quagga/Zebra Remote Root Vulnerability at http://packetstormsecurity.org/0803-exploits/ZyWALL.pdf.
- ZyXELGuard Web site, ZyXEL ZyWALL 1050 Security Appliance at http://www.zyxelguard.com/ZyWALL-1050.asp.
- BID-28184: ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password Vulnerability
- CVE-2008-1160: ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
- FrSIRT/ADV-2008-0990: ZyXEL ZyWALL Default Quagga/Zebra Password Vulnerability
- SA29237: ZyXEL ZyWALL 1050 Undocumented Account Security Issue
Reported:
Mar 10, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net