VAR-200301-0039
Vulnerability from variot - Updated: 2022-05-17 01:50ZyXEL DSL Modem is a broadband MODEM device developed and maintained by ZyXEL. The ZyXEL DSL Modem management interface has a pre-configured account that allows remote attackers to obtain sensitive information on the device. The ZyXEL DSL Modem has a default username and password. The user name is \"root\" and the password is \"1234\". You can log in to the modem's built-in FTP server to download data files containing sensitive information, such as spt.dat. The file contains the following information: - 0x20 The root password in clear- 0x40 SNMP Location- 0x60 Device name- 0x80 SNMP Sys Contact- 0xac SNMP read community- 0xcc SNMP read community- 0xec SNMP read community - 0x188 SUA Server IP address- 0x1c54 First PPPoE Account config name (Default: ChangeMe )- 0x1dde First PPPoe Username- 0x1dfe First PPPoe Password- 0x21dc Second PPPeE Account config name Use this information to make changes and reconfigure the device. This default account information may also be present in other ZyXEL DSL Series Modems. It has been reported that the administration interface on some ZyXEL devices, including the 642 and 645 series, is remotely accessible and pre-set with a default username and password. It is important to note that other ZyXEL devices may share this default account
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200301-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zyxel 642r",
"scope": null,
"trust": 0.6,
"vendor": "prestige",
"version": null
},
{
"model": "zyxel 642me",
"scope": null,
"trust": 0.6,
"vendor": "prestige",
"version": null
},
{
"model": "zyxel 642m-i",
"scope": null,
"trust": 0.6,
"vendor": "prestige",
"version": null
},
{
"model": "zyxel 642m",
"scope": null,
"trust": 0.6,
"vendor": "prestige",
"version": null
},
{
"model": "zyxel",
"scope": "eq",
"trust": 0.6,
"vendor": "prestige",
"version": "642"
},
{
"model": "prestige",
"scope": "eq",
"trust": 0.3,
"vendor": "zyxel",
"version": "645"
},
{
"model": "prestige 642r-i",
"scope": null,
"trust": 0.3,
"vendor": "zyxel",
"version": null
},
{
"model": "prestige 642r",
"scope": null,
"trust": 0.3,
"vendor": "zyxel",
"version": null
},
{
"model": "prestige 642me",
"scope": null,
"trust": 0.3,
"vendor": "zyxel",
"version": null
},
{
"model": "prestige 642m-i",
"scope": null,
"trust": 0.3,
"vendor": "zyxel",
"version": null
},
{
"model": "prestige 642m",
"scope": null,
"trust": 0.3,
"vendor": "zyxel",
"version": null
},
{
"model": "prestige",
"scope": "eq",
"trust": 0.3,
"vendor": "zyxel",
"version": "642"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
},
{
"db": "BID",
"id": "6671"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by http-equiv \u003chttp-equiv@malware.com\u003e.",
"sources": [
{
"db": "BID",
"id": "6671"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2003-0259",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2003-0259",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZyXEL DSL Modem is a broadband MODEM device developed and maintained by ZyXEL. The ZyXEL DSL Modem management interface has a pre-configured account that allows remote attackers to obtain sensitive information on the device. The ZyXEL DSL Modem has a default username and password. The user name is \\\"root\\\" and the password is \\\"1234\\\". You can log in to the modem\u0027s built-in FTP server to download data files containing sensitive information, such as spt.dat. The file contains the following information: - 0x20 The root password in clear- 0x40 SNMP Location- 0x60 Device name- 0x80 SNMP Sys Contact- 0xac SNMP read community- 0xcc SNMP read community- 0xec SNMP read community - 0x188 SUA Server IP address- 0x1c54 First PPPoE Account config name (Default: ChangeMe )- 0x1dde First PPPoe Username- 0x1dfe First PPPoe Password- 0x21dc Second PPPeE Account config name Use this information to make changes and reconfigure the device. This default account information may also be present in other ZyXEL DSL Series Modems. It has been reported that the administration interface on some ZyXEL devices, including the 642 and 645 series, is remotely accessible and pre-set with a default username and password. \nIt is important to note that other ZyXEL devices may share this default account",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
},
{
"db": "BID",
"id": "6671"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6671",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2003-0259",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
},
{
"db": "BID",
"id": "6671"
}
]
},
"id": "VAR-200301-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
}
]
},
"last_update_date": "2022-05-17T01:50:39.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZyXEL DSL Modem default remote administrator password vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/36241"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104335372103573\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.phenoelit.de/dpl/dpl.html"
},
{
"trust": 0.3,
"url": "/archive/1/308112"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
},
{
"db": "BID",
"id": "6671"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
},
{
"db": "BID",
"id": "6671"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-0259"
},
{
"date": "2003-01-23T00:00:00",
"db": "BID",
"id": "6671"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-0259"
},
{
"date": "2003-01-23T00:00:00",
"db": "BID",
"id": "6671"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "6671"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZyXEL DSL Modem Default Remote Administrator Password Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0259"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "6671"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…