Tuesday, September 3, 2013

Zoom Telephonics ADSL Modem/Router - Multiple Vulnerabilities

Five models of the Zoom Telephonics ADSL Modem/Router line suffer from multiple critical vulnerabilities, almost all of them with a remote access attack vector.
Zoom X3 ADSL Modem/Router
Zoom X4 ADSL Modem/Router
Zoom X5 ADSL Modem/Router
Zoom ADSL Bridge Modem Model 5715
Zoom USB ADSL Modem Model 5510B
By simply placing the following two URLs into a web browser, a
vulnerability in all models and firmware versions allows the
administrative credential challenge to be bypassed. All models and
firmware versions serve these pages with no authentication. Once the
authentication is bypassed, an unauthenticated user can perform almost all administrative tasks.
http://<IP>/hag/pages/toc.htm (Menu Banner)
http://<IP>/hag/pages/toolbox.htm (Advanced Options Menu)
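
To spot this bypass in traffic to an affected device, the following added example (not part of the original advisory) flags successful, credential-less requests to the two pages above and marks whether the client was outside the LAN. It assumes a hypothetical HTTP proxy or sensor in front of the management interface that writes Common Log Format with the authenticated user in the third field; the log lines, function names and LAN ranges are constructed for illustration.

```python
import ipaddress
import re

# Paths the advisory reports as reachable without authentication.
UNAUTH_PATHS = {"/hag/pages/toc.htm", "/hag/pages/toolbox.htm"}
# Assumption: the LAN uses RFC 1918 space; anything else counts as remote.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Common Log Format: host ident authuser [time] "METHOD path proto" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_remote(src):
    """True when the client address is outside the assumed LAN ranges."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return True  # hostname or junk in the source field: treat as remote
    return not any(ip in net for net in LAN_NETS)

def find_unauthenticated_admin_hits(lines):
    """Flag 2xx responses on the advisory's paths that carry no auth user."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not in the assumed log format
        path = m["path"].split("?", 1)[0].lower()
        if path in UNAUTH_PATHS and m["status"].startswith("2") and m["user"] == "-":
            findings.append({"src": m["src"], "path": path, "remote": is_remote(m["src"])})
    return findings

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '192.168.1.20 - admin [03/Sep/2013:10:01:02 +0000] "GET /hag/pages/toolbox.htm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [03/Sep/2013:10:05:40 +0000] "GET /hag/pages/toc.htm HTTP/1.1" 200 2048',
    '203.0.113.7 - - [03/Sep/2013:10:05:41 +0000] "GET /hag/pages/toolbox.htm HTTP/1.1" 200 5120',
    '192.168.1.33 - - [03/Sep/2013:10:09:15 +0000] "GET /hag/pages/toc.htm HTTP/1.1" 401 0',
    '192.168.1.34 - - [03/Sep/2013:10:11:00 +0000] "GET /hag/pages/toolbox.htm HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for f in find_unauthenticated_admin_hits(SAMPLE_LOG):
        where = "remote" if f["remote"] else "LAN"
        print(f'{f["src"]} ({where}) fetched {f["path"]} without authentication')
```

Any finding with a remote source also means the management interface is reachable from outside the LAN, which is worth closing off at the perimeter regardless of firmware.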
