ID CVE-2017-7964Type cveReporter cve@mitre.orgModified 2019-10-03T00:03:00
Description
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
{"id": "CVE-2017-7964", "bulletinFamily": "NVD", "title": "CVE-2017-7964", "description": "Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.", "published": "2017-04-19T16:59:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7964", "reporter": "cve@mitre.org", "references": ["https://www.oxy-gen.mobi/blog.html"], "cvelist": ["CVE-2017-7964"], "type": "cve", "lastseen": "2019-10-04T12:19:25", "history": [{"bulletin": {"affectedSoftware": [{"name": "zyxel wre6505_firmware", "operator": "le", "version": "v1.00(aaqb.3)c0"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2017-7964"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "cwe": ["CWE-255"], "description": "Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:17:11", "references": []}, "score": {"modified": "2019-05-29T18:17:11", "value": 6.5, "vector": "NONE"}}, "hash": "dc83a24c74898a19e7efd728df80b82e8f0015d04a876d11d4cc4817e48f3502", "hashmap": [{"hash": "0566be278feb00bebf2688f255a0b133", "key": "title"}, {"hash": "729f98bc4a65b3e0e24ddfee3d3c4450", "key": "cvss2"}, {"hash": "8811a0271a46e9e33c1feb13d7b1de94", "key": "href"}, {"hash": "af109a5c03dc7ecf2bbf2b3018f45f97", "key": "modified"}, {"hash": "d01af8bf0b4da27d234d7c2ae06bb604", "key": "published"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "149fdade3e19a6df10284c24939a7439", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "c7f408ea684bf76eed6e1115d47afda1", "key": "affectedSoftware"}, {"hash": "cc03f0f13c5b7a13cd38f730cca5a70f", "key": "cwe"}, {"hash": "8623a4b43b8a53a7629cacc21885a8f3", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "b1437c706e015d9d6a8f1092569655fd", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "3f389c61308bb13b1bf5622d743f6ec3", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7964", "id": "CVE-2017-7964", "lastseen": "2019-05-29T18:17:11", "modified": "2017-04-25T18:54:00", "objectVersion": "1.3", "published": "2017-04-19T16:59:00", "references": ["https://www.oxy-gen.mobi/blog.html"], "reporter": "cve@mitre.org", "title": "CVE-2017-7964", "type": "cve", "viewCount": 0}, "differentElements": ["modified", "cwe"], "edition": 1, "lastseen": "2019-05-29T18:17:11"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "c7f408ea684bf76eed6e1115d47afda1"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "b1437c706e015d9d6a8f1092569655fd"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "729f98bc4a65b3e0e24ddfee3d3c4450"}, {"key": "cvss3", "hash": "8623a4b43b8a53a7629cacc21885a8f3"}, {"key": "cwe", "hash": "ca12dc9277f9761120164d28bbe9f3c2"}, {"key": "description", "hash": "149fdade3e19a6df10284c24939a7439"}, {"key": "href", "hash": "8811a0271a46e9e33c1feb13d7b1de94"}, {"key": "modified", "hash": "1f0cc7832f07ee78350b613e89af69f8"}, {"key": "published", "hash": "d01af8bf0b4da27d234d7c2ae06bb604"}, {"key": "references", "hash": "3f389c61308bb13b1bf5622d743f6ec3"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "0566be278feb00bebf2688f255a0b133"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "30dea5821d6910c505bf556063c9f42b99eaa536e33b5c354724c332ed696d42", "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2019-10-04T12:19:25"}, "score": {"value": 6.5, "vector": "NONE", "modified": "2019-10-04T12:19:25"}, "vulnersScore": 6.5}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "zyxel wre6505_firmware", "operator": "le", "version": "v1.00(aaqb.3)c0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "cpe23": [], "cwe": ["CWE-1188"], "scheme": null}
{}
