Full title: Zyxel NWA/NAP/WAC Hardcoded Credentials Vulnerability 
Category: web applications
Platform: hardware
An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.

# 0day.today @ http://0day.today/