Vulnerabilities for 'Prestige 660'

2008-03-26
 
CVE-2008-1529

CWE-255
 

 
ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods.

 
 
CVE-2008-1528

CWE-287
 

 
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.

 
 
CVE-2008-1527

CWE-310
 

 
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack.

 
 
CVE-2008-1526

CWE-310
 

 
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.

 
 
CVE-2008-1525

CWE-16
 

 
The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address.

 
 
CVE-2008-1524

CWE-16
 

 
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.

 
 
CVE-2008-1523

CWE-200
 

 
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for (1) WAN.html, (2) wzPPPOE.html, and (3) rpDyDNS.html, and then reading the HTML source.

 
 
CVE-2008-1522

CWE-16
 

 
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access.

 
 
CVE-2008-1521

CWE-264
 

 
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html.

 



Copyright 2024, cxsecurity.com

 
