Home / os / winmobile

Zyxel NWA/NAP/WAC Hardcoded Credentials

Posted on 30 August 2019

An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.

 

TOP

Malware :

Exploits :