Description
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, do not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.
Product(s):
- Zyxel Prestige 645R A1
- Zyxel Prestige 650H
- Zyxel Prestige 650HW
- Zyxel Prestige 650HW-31
- Zyxel Prestige 650R
- Zyxel Zynos 3.40
- Zyxel Zynos IS.3
- Zyxel Zynos IS.5
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1540, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1540 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.