ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password Vulnerability

ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password Vulnerability

ZyXEL ZyWALL 1050 devices contain a default password for their Quagga and Zebra daemon processes. The device fails to change the default password when a legitimate user sets a new password.

Attackers can use this default password to gain unauthorized access to the device. By gaining administrative access to Quagga or Zebra, an attacker can modify network routes on the device, possibly redirecting traffic or denying network service to legitimate users. The attacker may also be able to exploit latent vulnerabilities in the daemon itself.

ZyWALL 1050 is vulnerable; other devices may also be affected.