ZyXEL ZyWALL 2 Multiple Remote Vulnerabilities

Bugtraq ID:	25262
Class:	Unknown
CVE:	CVE-2007-4319 CVE-2007-4317
Remote:	Yes
Local:	No
Published:	Aug 10 2007 12:00AM
Updated:	Jul 05 2016 10:00PM
Credit:	Henri Lindberg discovered these issues.
Vulnerable:	ZyXEL ZyWALL 2 3.62 (WK.6)
Not Vulnerable:

ZyXEL ZyWALL 2 Multiple Remote Vulnerabilities

ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface.

An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks.

ZyWALL 2 running with firmware V3.62(WK.6) is reported vulnerable to this issue.

ZyXEL ZyWALL 2 Multiple Remote Vulnerabilities

A proof of concept is available:

• /data/vulnerabilities/exploits/zywall_poc.txt

ZyXEL ZyWALL 2 Multiple Remote Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

ZyXEL ZyWALL 2 Multiple Remote Vulnerabilities

References:

• ZyWALL 2 Product Page (ZyXEL)
  
• Zyxel Zywall 2 Multiple vulnerabilities (Henri Lindberg)