CVE-2015-6016
Description
ZyXEL P-660HW-T1, PMG5318-B20A, and NBG-418N routers ship with a default admin password of '1234', allowing remote attackers full administrative access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Several ZyXEL router models ship with a weak default password of 1234 for the admin account. The affected devices include the ZyXEL P-660HW-T1 v2 running ZyNOS firmware version V3.40(AXH.0) (dated 3/30/2007), the ZyXEL PMG5318-B20A with firmware version V100AANC0b5, and the ZyXEL NBG-418N. Many additional models have been reported to share the same default credential [1][2].
Exploitation
An attacker with network access to the router's management interface (typically the web-based administration panel) can simply log in using the username admin and the password 1234. No authentication bypass or additional privileges are required. The default password is well-known and can be trivially guessed or obtained from public sources [1][2].
Impact
Successful exploitation grants the attacker full administrative control over the affected router. This allows the attacker to change device configuration, read or modify network settings, enable remote access, intercept traffic, and potentially pivot to internal network resources. The compromise is at the highest privilege level (admin) and can lead to complete loss of confidentiality, integrity, and availability of the device and connected networks [1][2].
Mitigation
ZyXEL has not released a firmware update to address this issue for the listed models, which may be end-of-life. The primary mitigation is to change the default password immediately upon device deployment. Users should set a strong, unique password for the admin account via the router's administration interface. Additionally, disabling remote management access or restricting it to trusted IP addresses reduces exposure. No official patch is available from the vendor [1][2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:zyxel:pmg5318-b20a_firmware:v100aanc0b5:*:*:*:*:*:*:*
- (no CPE) range: = firmware 1.00AANC0b5
- cpe:2.3:o:zyxel:zynos_firmware:3.40\(axh.0\):*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.kb.cert.org/vuls/id/870744 (nvd; Third Party Advisory, US Government Resource)
- www.kb.cert.org/vuls/id/BLUU-9ZQU2R (nvd; Third Party Advisory, US Government Resource)
- www.securitytracker.com/id/1034552 (nvd)
- www.securitytracker.com/id/1034553 (nvd)
- www.securitytracker.com/id/1034554 (nvd)