09 Jan 2004
04 Jan 2005
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.
The actual impact varies significantly depending on the design and purpose of the affected application.
Rafel Ivgi has reported a vulnerability in ZyXEL ZyWALL, allowing malicious people to conduct cross-site scripting attacks.
The problem is that the "rpAuth" form doesn't handle input properly. This can be exploited by injecting malicious HTML or script code.
The vulnerability has also been reported in ZyAIR B-420 Wireless Ethernet Adapter. Other products are likely also affected.
The firewall products should only be managed from a dedicated management station.
Filter traffic to affected network devices.
Originally discovered by:
Reported in ZyAIR B-420 Wireless Ethernet Adapter by: