Published on Wednesday, 25 February 2015 19:51
[ Update ] Aztech has released a new firmware to fix the reported vulnerability.
[ Background ]
It is reported that a few routers that may have been provided by Singapore ISPs are found to contain vulnerabilities or insecure configuration.
[ Affected Products ]
Products with vulnerabilities
- Zhone zNID GPON 24xx, 24xxA, 42xx, 42xxA, 26xx and 28xx series (CVE-2014-8356, CVE-2014-8357, CVE-2014-9118)
- Asus WL-330NUL
[ Recommendations ]
Users can mitigate the risks by
- Disabling remote access to the router, such as remote web administration, ssh and telnet; and
- Changing the router’s default administrator password
- Users can contact their ISPs to check if they are affected and the measures they need to take
[ References ]