ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

References

• https://nvd.nist.gov/vuln/detail/CVE-2008-1160
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41424
• https://www.exploit-db.com/exploits/5289
• http://packetstormsecurity.org/0803-exploits/ZyWALL.pdf
• http://secunia.com/advisories/29237
• http://www.securityfocus.com/bid/28184
• http://www.vupen.com/english/advisories/2008/0990/references
• http://www.secumania.org/exploits/remote/zyxel-zywall-quagga_zebra-(default-pass)-remote-root-vulnerability-2008032143791