First published: Wed Apr 19 2017(Updated: )
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel Wre6505 Firmware | <=v1.00\(aaqb.3\)c0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-7964 is classified as a high severity vulnerability due to the default TELNET password exposure.
To fix CVE-2017-7964, change the default TELNET password from '1234' to a strong, unique password.
CVE-2017-7964 affects Zyxel WRE6505 devices running firmware versions up to v1.00(aaqb.3)c0.
CVE-2017-7964 can be exploited for DNS hijacking attacks by reconfiguring the device's dnshijacker process.
You can determine if your Zyxel device is vulnerable to CVE-2017-7964 by checking if it uses the default TELNET password and runs the affected firmware version.