It seems Netgear isn’t alone in putting out insecure router hardware.
Security firm SecuriTeam published a report on four security flaws affecting three router models manufactured by ZyXEL.
The three router models and vulnerabilities are:
- Unauthenticated remote command execution vulnerability – P660HN-T v1 router
- Unauthenticated remote command execution vulnerability – Billion 5200W-T
- Authenticated remote command execution vulnerability – Billion 5200W-T
- Unauthenticated remote command execution vulnerability – P660HN-T v2
These flaws allow an attacker to take control of affected products by issuing maliciously crafted HTTP requests. Furthermore, the routers also come with simplistic username and password combinations that are easy to guess. Proof-of-concept code has been released by SecuriTeam, which means that hackers are working to come up with attack code that will be used to pwn anyone who has one of these routers.
Here’s the part that should really bother anyone who owns one of these ZyXEL routers:
We notified ZyXEL of the vulnerabilities back in July 2016, repeated attempts to re-establish contact and get some answer on the status of the patches for these vulnerabilities went unanswered. At this time there is no solution or workaround for these vulnerabilities.
That lack of response alone should make any owner of ZyXEL hardware think twice about owning their products. Seeing as these are unpatched flaws (though one suspects that with this bad press, fixes are on the way), your best defence is to stop using the affected products until a fix comes out. Or better yet, use a router from a company that doesn’t have to be shamed into fixing security issues.
This entry was posted on December 28, 2016 at 3:34 pm and is filed under Commentary with tags ZyXEL.