Cross-Site Request Forgery Vulnerabilities in Zyxel Zywall 2 Management Interface
CVE-2007-4317
Currently unrated
Summary
The management interface of the Zyxel Zywall 2 running ZyNOS firmware 3.62 (WK.6) contains multiple cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to perform actions as administrators. Forged requests can manipulate sensitive parameters such as sysSystemName and sysDomainName, changing the device configuration without the user's consent. This exposes the device to unauthorized reconfiguration and underlines the need for robust access controls and security measures on the management interface.
References
Timeline
Vulnerability published
Vulnerability Reserved