Hi, I found a bug in ZyXEL Prestige 650 HW Routers with Http Remote Administration active. 

Exploting this bug, the attacker can reset the router configurantion.

The "/rpFWUpload.html" is not password protected. To exploit this bug you only need write that:

http://[Router ip]/rpFWUpload.html

and click the Reset button.


Sorry if this post is misspelling... but I'm from Spain and my english level is poor...

____________
Francisco José Canela