Zyxel IPC 3605N & 4605N / Remote shell access

[Eric Urban <hydrogen18 () gmail com>]

Hello everyone,

I have identified that the Zyxel IPC 3605N and 4605N IP based security
cameras have multiple flaws. Combining these together leads to the ability
for an attacker to remotely install root shell access on the device.

A web server installed for UPnP purposes allows the plaintext passwords to
be retrieved by anyone. This grants access to the web administration
interface. From there, a tarball can be downloaded, modified with a script
to execute telnetd, and then uploaded back to the device.

Full report with link to a PoC here:
http://www.hydrogen18.com/blog/hacking-zyxel-ip-cameras-pt-1.html

Eric
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/