Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1540

4 documents, 4 sources
Severity
5.0 MEDIUM
EPSS
5.1%
top 10.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Dec 31
Latest update: Apr 29

Description

ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, do not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 2 packages

NVD zyxel/prestige 5 versions +4
NVD zyxel/zynos 3.40, is.3, is.5 +2

🔴 Vulnerability Details (2)

GHSA
GHSA-v4rc-26p2-jm4g: ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to acce 2022-04-29
CVEList
CVE-2004-1540: ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to acce 2005-02-19

💥 Exploits & PoCs (1)

Exploit-DB
ZYXEL 3 Prestige Router - HTTP Remote Administration Configuration Reset 2004-11-22
CVE-2004-1540 (MEDIUM CVSS 5) | ZyXEL Prestige 623 | cvebase.io