EUVD-2015-5962

Malware in sbrugna...

CVE-2015-7256

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000...

The vulnerability of the ZyXEL PMG5318-B20A router allows a violator to circumvent existing access restrictions.

The vulnerability of the ZyXEL PMG5318-B20A router exists due to the absence of session termination after exiting the system. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions by using an automated workstation...

The vulnerabilities of the P-660HW, NBG-418N, PMG5318 router microprogramming software and the ZyNOS operating system allow a hacker to gain administrator privileges.

The vulnerability of the P-660HW, NBG-418N, PMG5318 router microprogramming software and the ZyNOS operating system is related to the default use of a standard password for the administrator account. Exploiting this vulnerability can allow an attacker, operating remotely, to gain administrator...

CVE-2015-6020

ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account...

CVE-2015-6019

The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation...

CVE-2015-6018

The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00AANC.2C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter...

Design/Logic Flaw

The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00AANC.2C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter...

Default credentials

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40AXH.0, PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors...

Design/Logic Flaw

The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation...

Code injection

ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account...

CVE-2015-6020

CVE-2015-6020 affects ZyXEL PMG5318-B20A with firmware 1.00AANC0b5. Root cause is improper authorization allowing a remote authenticated user to gain full administrative privileges by abusing the user account. Documented impact per NVD/CERT shows remote configuration modification as a potential o...

CVE-2015-6019

The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation...

CVE-2015-6019

The CVE-2015-6019 issue affects ZyXEL PMG5318-B20A devices running firmware 1.00AANC0b5, where the management portal does not terminate sessions on logout. This allows an attacker to reuse an active session from an unattended workstation and bypass access restrictions. The connected CERT/NVD entr...

CVE-2015-6018

The CVE-2015-6018 issue affects ZyXEL PMG5318-B20A devices running firmware prior to 1.00(AANC.2)C0. The vulnerability arises from improper validation in the diagnostic ping function’s PingIPAddr parameter, allowing remote attackers to execute arbitrary commands as root (OS command injection). Do...

CVE-2015-6016

CVE-2015-6016 affects ZyXEL routers: P-660HW-T1 v2 with ZyNOS 3.40(AXH.0), PMG5318-B20A (firmware 1.00AANC0b5), and NBG-418N, where the admin account uses a default password of 1234 . This enables remoting attackers to obtain administrative access via unspecified vectors. The connected sources co...

CVE-2015-6018

The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00AANC.2C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter...

CVE-2015-6020

ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account...

ZyXEL PMG5318-B20A diagnostic ping function input validation vulnerability

ZyXEL PMG5318-B20A is a wireless switch product from Hopkins ZyXEL Technology. A security vulnerability exists in the 'PingIPAddr' parameter in the diagnostic ping function of the ZyXEL PMG5318-B20A using firmware version V100AANC0b5. A remote attacker can exploit the vulnerability to execute...

ZyXEL PMG5318-B20A Session Expiration Vulnerability

ZyXEL PMG5318-B20A is a wireless switch product from Hopkins ZyXEL Technology. A security vulnerability exists in the ZyXEL PMG5318-B20A using firmware version V100AANC0b5. A remote attacker can exploit the vulnerability to gain access to the device with the help of session information...