RE: ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password

From: Daryl Maunder (dmaunderat_private)
Date: Sun Aug 12 2001 - 01:39:50 PDT

    FWIW, Netgear routers, which Netgear OEMs from ZyXEL, have always shipped
    with no way of disabling listening on the WAN interface, but with a
    default filter rule which blocks inbound telnet, ftp and http to the
    router on the WAN interface.
    
    
    -----Original Message-----
    From: Daniel Roethlisberger [mailto:danielat_private]
    Sent: Sunday, 12 August 2001 05:23
    To: bugtraqat_private
    Subject: Re: ZyXEL Prestige 642R: Exposed Admin Services on WAN with
    Default Password
    
    
    
    A hopefully last update on the P642R(-I) story from my side:
    
    It seems that ZyXEL was notified of the open services on the WAN
    side in June, by Sean Boran <seanat_private>. They seemed to have
    added and applied a working filter rule after a lengthy
    discussion, without public notification of the issue. They did not
    make "not listening" a firmware option; they just changed the
    default filtering configuration. They did not change the default
    password either (not that I'd have seriously expected them to).
    
    As of firmware 2.50(AJ.4) for the 642R, released in July, there
    seems to be a filter rule active in default configuration, which
    blocks incoming ports 21/tcp, 23/tcp, 80/tcp (why http?!) and
    69/udp on the WAN side.
    
    There seems to be no stable fixed firmware release for the 642R-I
    yet, but the latest beta might be fixed. Unfortunately it comes
    without release notes for some reason, which would have told what
    its default settings are.
    
    The firmware releases I stated in my original posting were -not-
    accurate. With my current knowledge, I would say that no firmware
    older than July is fixed; but latest (beta) firmware releases
    should have the filters, if the configuration rom-file is applied
    too when updating the firmware (which will trash the current
    configuration). However, it seems that latest available firmware
    releases differ considerably between countries and ZyXEL
    distributors, and I cannot be certain that the default
    configurations are the same worldwide, as some distributors seem
    to custom-configure the Prestiges for ISPs who resell them.
    
    I hope ZyXEL can deliver a more accurate statement as to which
    firmware releases have the working filter in place.
    
    Cheers,
    Dan
    
    
    -- 
       Daniel Roethlisberger <danielat_private>
       PGP Key ID 0x8DE543ED with fingerprint
       6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED
    



    This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 09:47:02 PDT