ID

VAR-E-201311-0198


TITLE

ZyXEL GS1510-16 'webctrl.cgi' Remote Password Disclosure Vulnerability

Trust: 0.3

sources: BID: 64646

DESCRIPTION

ZyXEL GS1510-16 is prone to a password-disclosure vulnerability.
Attackers can exploit this issue to gain access to the administrator password, which may lead to further attacks.

Trust: 0.3

sources: BID: 64646

AFFECTED PRODUCTS

vendor: zyxel, model: gs1510-16, scope: eq, version: 0

Trust: 0.3

sources: BID: 64646

EXPLOIT

Attackers can exploit this issue using a browser or readily available tools.
The following Metasploit exploit code is available:
/data/vulnerabilities/exploits/64646.rb

Trust: 0.3

sources: BID: 64646

PRICE

Free

Trust: 0.3

sources: BID: 64646

TYPE

Design Error

Trust: 0.3

sources: BID: 64646

CREDITS

Daniel Manser and Sven Vetsch

Trust: 0.3

sources: BID: 64646

EXTERNAL IDS

db: BID, id: 64646

Trust: 0.3

sources: BID: 64646

REFERENCES

url:http://www.zyxel.com/in/en/news/press_room_20101206_612871.shtml

Trust: 0.3

url:https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb

Trust: 0.3

url:https://github.com/rapid7/metasploit-framework/pull/2709

Trust: 0.3

sources: BID: 64646

SOURCES

db: BID, id: 64646

LAST UPDATE DATE

2022-07-27T09:56:38.862000+00:00


SOURCES UPDATE DATE

db: BID, id: 64646, date: 2013-11-29T00:00:00

SOURCES RELEASE DATE

db: BID, id: 64646, date: 2013-11-29T00:00:00