Posted by Pedro Ribeiro on Jan 17

Hi,

TrueOnline is a Thai ISP that distributes customised versions of ZyXEL
and Billion routers – customised with vulnerabilities that is.
The routers contain several default administrative accounts and command
injections that can be abused by authenticated and unauthenticated
attackers. Details in the advisory below, which is a copy of
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
Metasploit modules have…