Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ZyXEL ZyWALL Quagga/Zebra (default pass) Remote Root Vulnerability

🗓️ 21 Mar 2008 00:00:00Reported by Pranav JoshiType 
zdt
 zdt🔗 0day.today👁 29 Views

ZyXEL ZyWALL Quagga/Zebra Remote Root Vulnerability in Default Pass

Related
Code
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of the Zyxel ZLD operating system allows a remote attacker to escalate their privileges.
7 Jul 201600:00
bdu_fstec
Circl		CVE-2008-1160
21 Mar 200800:00
circl
CVE		CVE-2008-1160
25 Mar 200800:00
cve
Cvelist		CVE-2008-1160
25 Mar 200800:00
cvelist
Exploit DB		ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution
21 Mar 200800:00
exploitdb
exploitpack		ZYXEL ZyWALL QuaggaZebra - Default Password Remote Code Execution
21 Mar 200800:00
exploitpack
NVD		CVE-2008-1160
25 Mar 200800:44
nvd
Prion		Hardcoded credentials
25 Mar 200800:44
prion
Positive Technologies		PT-2008-1001 · Zyxel +1 · Zywall Usg 300 +3
24 Mar 200800:00
ptsecurity
securityvulns		ZyXEL ZyWALL Quagga/Zebra Remote Root Vulnerability
22 Mar 200800:00
securityvulns
Rows per page
==================================================================
ZyXEL ZyWALL Quagga/Zebra (default pass) Remote Root Vulnerability
==================================================================




Name: ZyXEL ZyWALL Quagga/Zebra Remote Root Vulnerability
Release Date: 10 March 2008
Discover: Pranav Joshi <[email protected]>
Vendor: ZyXEL
Products Affected: ZyWALL

(Status on other affected products & firmwares pending from vendor’s end)

 CVE-2008-1160

 BID 28184

---------------------------

Technical Details

---------------------------

The vulnerability in the Quagga/Zebra routing daemon, exists due to the 
fact that the appliance fails to change the password needed to login 
into the Quagga/Zebra daemon running on ports 2601, 2602 (Quagga/RIP) & 
2604 (Quagga/OSPF) /TCP, even though the password of the appliance has 
been changed an attacker can still use the default password ‘zebra’ to 
log into the Quagga/Zebra service to view and manipulate the routing 
information etc. of the appliance. 

The vulnerability was discovered on ZyWall 1050 appliance other versions 
could be affected as well. 

Information on other vulnerable products and firmwares is pending from 
the vendor’s end. 



#  0day.today [2018-03-02]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Mar 2008 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.16288
zyxelquagga/zebraremote rootvulnerabilitydefault passpranav joshizywallcve-2008-1160bid 28184routing daemonzywall 1050
29