Sign-up

ID

VAR-200803-0332


CVE

CVE-2008-1160


TITLE

ZyXEL ZyWALL  Privilege Acquisition Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2008-005542

DESCRIPTION

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. ZyXEL ZyWALL 1050 devices contain a default password for their Quagga and Zebra daemon processes. The device fails to change the default password when a legitimate user sets a new password. Attackers can use this default password to gain unauthorized access to the device. By gaining administrative access to Quagga or Zebra, an attacker can modify network routes on the device, possibly redirecting traffic or denying network service to legitimate users. The attacker may also be able to exploit latent vulnerabilities in the daemon itself. ZyWALL 1050 is vulnerable; other devices may also be affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: ZyXEL ZyWALL 1050 Undocumented Account Security Issue SECUNIA ADVISORY ID: SA29237 VERIFY ADVISORY: http://secunia.com/advisories/29237/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: ZyXEL ZyWALL Series http://secunia.com/product/147/ DESCRIPTION: Pranav Joshi has reported a security issue in ZyXEL ZyWALL 1050, which can be exploited by malicious people to bypass certain security restrictions. This can be exploited to gain access to the quagga daemon (TCP ports 2601, 2602, and 2604) and e.g. view and manipulate routing information. The security issue is reported in ZyXEL ZyWALL 1050. SOLUTION: Restrict network access to the affected services. PROVIDED AND/OR DISCOVERED BY: Pranav Joshi ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2008-1160 // JVNDB: JVNDB-2008-005542 // BID: 28184 // PACKETSTORM: 64888

AFFECTED PRODUCTS

vendor:zyxelmodel:zywallscope:eqversion:1050

Trust: 1.4

vendor:zyxelmodel:zywall 1050scope:eqversion: -

Trust: 1.0

vendor:zyxelmodel:zywallscope:eqversion: -

Trust: 0.8

vendor:zyxelmodel:zywallscope:eqversion:10500

Trust: 0.3

sources: BID: 28184 // JVNDB: JVNDB-2008-005542 // CNNVD: CNNVD-200803-393 // NVD: CVE-2008-1160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1160
value: CRITICAL

Trust: 1.0

NVD: CVE-2008-1160
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-200803-393
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2008-1160
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2008-1160
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2008-1160
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2008-005542 // CNNVD: CNNVD-200803-393 // NVD: CVE-2008-1160

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2008-005542 // NVD: CVE-2008-1160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-393

TYPE

Design Error

Trust: 0.9

sources: BID: 28184 // CNNVD: CNNVD-200803-393

PATCH

title:Top Pageurl:http://www.zyxel.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-005542

EXTERNAL IDS

db:NVDid:CVE-2008-1160

Trust: 3.5

db:BIDid:28184

Trust: 1.9

db:SECUNIAid:29237

Trust: 1.7

db:VUPENid:ADV-2008-0990

Trust: 1.6

db:EXPLOIT-DBid:5289

Trust: 1.6

db:JVNDBid:JVNDB-2008-005542

Trust: 0.8

db:MILW0RMid:5289

Trust: 0.6

db:XFid:41424

Trust: 0.6

db:CNNVDid:CNNVD-200803-393

Trust: 0.6

db:PACKETSTORMid:64888

Trust: 0.1

sources: BID: 28184 // JVNDB: JVNDB-2008-005542 // PACKETSTORM: 64888 // CNNVD: CNNVD-200803-393 // NVD: CVE-2008-1160

REFERENCES

url:http://www.securityfocus.com/bid/28184

Trust: 1.6

url:http://www.secumania.org/exploits/remote/zyxel-zywall-quagga_zebra-%28default-pass%29-remote-root-vulnerability-2008032143791/

Trust: 1.6

url:http://packetstormsecurity.org/0803-exploits/zywall.pdf

Trust: 1.6

url:http://secunia.com/advisories/29237

Trust: 1.6

url:http://www.vupen.com/english/advisories/2008/0990/references

Trust: 1.0

url:https://www.exploit-db.com/exploits/5289

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41424

Trust: 1.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1160

Trust: 0.8

url:http://www.milw0rm.com/exploits/5289

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/41424

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/0990/references

Trust: 0.6

url:http://www.zyxel.com

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/29237/

Trust: 0.1

url:http://secunia.com/product/147/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: BID: 28184 // JVNDB: JVNDB-2008-005542 // PACKETSTORM: 64888 // CNNVD: CNNVD-200803-393 // NVD: CVE-2008-1160

CREDITS

Pranav Joshi joshipranav@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200803-393

SOURCES

db:BIDid:28184
db:JVNDBid:JVNDB-2008-005542
db:PACKETSTORMid:64888
db:CNNVDid:CNNVD-200803-393
db:NVDid:CVE-2008-1160

LAST UPDATE DATE

2025-04-10T23:15:48.911000+00:00


SOURCES UPDATE DATE

db:BIDid:28184date:2008-03-12T17:41:00
db:JVNDBid:JVNDB-2008-005542date:2024-03-01T01:58:00
db:CNNVDid:CNNVD-200803-393date:2008-09-11T00:00:00
db:NVDid:CVE-2008-1160date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:BIDid:28184date:2008-03-10T00:00:00
db:JVNDBid:JVNDB-2008-005542date:2012-12-20T00:00:00
db:PACKETSTORMid:64888date:2008-03-26T20:17:54
db:CNNVDid:CNNVD-200803-393date:2008-03-24T00:00:00
db:NVDid:CVE-2008-1160date:2008-03-25T00:44:00