CVE-2017-7964

Published: Apr 19, 2017Modified: May 13, 2026

10.0

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.

Affected (1)

Products: Zyxel: Wre6505 Firmware

Zyxel

1 product

Wre6505 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zyxel Wre6505 Firmware	Up to v1.00\(aaqb.3\)c0

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (2)

https://www.oxy-gen.mobi/blog.html

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://www.oxy-gen.mobi/blog.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.