
ZyXEL Products rpAuth Form Cross-Site Scripting Vulnerability


Secunia ID

SA10574

Release Date

09 Jan 2004

Last Change

04 Jan 2005

Criticality

Less Critical

Solution Status

Unpatched

Where

From remote

Impact
Security Bypass

This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.

The actual impact varies significantly depending on the design and purpose of the affected application.

Description

Rafel Ivgi has reported a vulnerability in ZyXEL ZyWALL, which can be exploited by malicious people to conduct cross-site scripting attacks.

The problem is that input passed to the "rpAuth" form is not properly sanitised before being used. This can be exploited to inject arbitrary HTML or script code, which is executed in a user's browser session in the context of the device's web management interface when the crafted request is viewed.

Example:
/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series

The vulnerability has also been reported in the ZyAIR B-420 Wireless Ethernet Adapter. Other ZyXEL products sharing the same web interface are likely also affected.
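Added example, not part of the Secunia advisory or ZyXEL's firmware: an offline check for the kind of reflected input the advisory describes. It sends a recognisable marker in the query string of the form path from the advisory's example (/Forms/rpAuth_1) and classifies whether the response returns it verbatim (exploitable), HTML-encoded (safe), or not at all, alongside the encoding step a fixed interface would apply. The marker, the sample responses and the 192.0.2.1 address are constructed for illustration; the fetch function is injected so the check runs against captured responses offline and against a live device only when the caller supplies a real HTTP fetcher.

```python
# Added example (not from the Secunia advisory or ZyXEL): an offline check
# for reflected, unencoded query-string input on a web form path.
import html
from urllib.parse import quote

# Constructed marker: harmless text unless it is returned without encoding.
MARKER = '<zyprobe_xss>"\'</zyprobe_xss>'

FORM_PATH = "/Forms/rpAuth_1"   # path from the advisory's example URL


def build_probe_url(base_url: str, path: str = FORM_PATH, marker: str = MARKER) -> str:
    """Build the probe URL; the marker goes into the query string URL-encoded."""
    return base_url.rstrip("/") + path + "?" + quote(marker, safe="")


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """Classify how a response body reflects the marker.

    'raw'     - marker present verbatim: reflected XSS is possible
    'encoded' - only the HTML-encoded form is present: safe reflection
    'none'    - marker not reflected at all
    """
    if marker in body:
        return "raw"
    if html.escape(marker, quote=True) in body:
        return "encoded"
    return "none"


def probe(base_url: str, fetch) -> str:
    """Run the check using a caller-supplied fetch(url) -> str.

    fetch is injected so the check can run offline against captured bodies
    (as in __main__ below) or online with, for example,
    lambda u: urllib.request.urlopen(u).read().decode("utf-8", "replace").
    """
    return classify_reflection(fetch(build_probe_url(base_url)))


def render_title_safely(untrusted: str) -> str:
    """The corrective: HTML-encode user input before placing it in a page."""
    return "<h1>" + html.escape(untrusted, quote=True) + "</h1>"


# Constructed sample responses (not captured from a real device) covering
# the three outcomes; only the first matches the behaviour the advisory describes.
SAMPLE_VULNERABLE = ("<html><body><h1>" + MARKER + "</h1>"
                     '<form action="/Forms/rpAuth_1"></form></body></html>')
SAMPLE_FIXED = "<html><body>" + render_title_safely(MARKER) + "</body></html>"
SAMPLE_NO_ECHO = "<html><body><h1>ZyWALL Login</h1></body></html>"

if __name__ == "__main__":
    # 192.0.2.1 is a documentation (TEST-NET-1) address used as a placeholder.
    for name, body in (("vulnerable", SAMPLE_VULNERABLE),
                       ("fixed", SAMPLE_FIXED),
                       ("no-echo", SAMPLE_NO_ECHO)):
        print(name, "->", probe("http://192.0.2.1", lambda url, b=body: b))
```

Run against a real device only with a fetcher you control and from a management host; a "raw" result on the form path confirms the unencoded reflection this advisory describes, while "encoded" indicates the interface already escapes the input.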

Solution

The firewall products should only be managed from a dedicated management station.

Filter traffic to the affected devices so that their web management interface is reachable only from trusted hosts.

Reported by

Originally discovered by:
Rafel Ivgi

Reported in ZyAIR B-420 Wireless Ethernet Adapter by:
C H F