ZyXEL ZyWALL Quagga/Zebra (default pass) Remote Root Vulnerability
Friday, 21 March 2008

Author: Pranav Joshi
Date: 2008-03-21

Name: ZyXEL ZyWALL Quagga/Zebra Remote Root Vulnerability
Release Date: 10 March 2008
Discover: Pranav Joshi <joshipranav@gmail.com>
Vendor: ZyXEL
Products Affected: ZyWALL
 
(Status on other affected products & firmwares pending from vendor’s end)
 
 CVE-2008-1160
 
 BID 28184
 
---------------------------
 
Technical Details
 
---------------------------
 
The vulnerability in the Quagga/Zebra routing daemon exists because the 
appliance fails to change the password needed to log in to the 
Quagga/Zebra daemon running on ports 2601, 2602 (Quagga/RIP) & 
2604 (Quagga/OSPF) /TCP. Even after the password of the appliance has 
been changed, an attacker can still use the default password ‘zebra’ to 
log in to the Quagga/Zebra service and view and manipulate the routing 
information etc. of the appliance. 
 
The vulnerability was discovered on a ZyWALL 1050 appliance; other versions 
could be affected as well. 
 
Information on other vulnerable products and firmwares is pending from 
the vendor’s end. 
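
A defender-side check for the exposure described above, added here as an example that is not part of the original advisory: it scans firewall logs for TCP connections to the three Quagga ports from outside a management network. The netfilter-style log lines, the addresses and the MGMT_NETS allowlist are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ports and daemon labels as given in the advisory.
QUAGGA_VTY_PORTS = {2601: "Quagga/Zebra", 2602: "Quagga/RIP", 2604: "Quagga/OSPF"}

# Assumption: only these networks may legitimately reach the routing daemons.
MGMT_NETS = [ipaddress.ip_network("192.0.2.0/28")]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines in netfilter (iptables LOG) key=value style.
SAMPLE_LOG = """\
Mar 21 10:02:11 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 LEN=60 PROTO=TCP SPT=40112 DPT=2601 SYN
Mar 21 10:02:12 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 LEN=60 PROTO=TCP SPT=40113 DPT=2604 SYN
Mar 21 10:03:40 fw kernel: IN=eth1 OUT= SRC=192.0.2.5 DST=203.0.113.1 LEN=60 PROTO=TCP SPT=51000 DPT=2601 SYN
Mar 21 10:04:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.1 LEN=60 PROTO=UDP SPT=520 DPT=2602
Mar 21 10:05:17 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.1 LEN=60 PROTO=TCP SPT=33001 DPT=443 SYN
Mar 21 10:06:00 fw kernel: truncated line SRC=not-an-ip DPT=2601 PROTO=TCP
"""


def find_untrusted_vty_access(log_text, mgmt_nets=MGMT_NETS):
    """Return {source_ip: sorted daemon labels} for TCP connections to the
    Quagga ports that originate outside the management networks."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        port = int(f["DPT"])
        if port not in QUAGGA_VTY_PORTS:
            continue
        try:
            src = ipaddress.ip_address(f.get("SRC", ""))
        except ValueError:
            continue  # malformed source address: skip the line, do not crash
        if any(src in net for net in mgmt_nets):
            continue  # expected management traffic
        hits[str(src)].add(QUAGGA_VTY_PORTS[port])
    return {ip: sorted(names) for ip, names in hits.items()}


if __name__ == "__main__":
    for ip, daemons in find_untrusted_vty_access(SAMPLE_LOG).items():
        print(f"ALERT {ip} reached Quagga ports: {', '.join(daemons)}")
```

Since the default password keeps working after the appliance password is changed, any hit from outside the management range is worth reviewing alongside the appliance's routing table.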
 
