8 matches found
Zyxel P-660HW-61 Firmware 3.40(PE.11)C0 Router - Local File Inclusion
Zyxel P-660HW-61 Firmware 3.40PE.11C0 Router - Local File Inclusion Exploit Title: Zyxel P-660HW-61 3.40PE.11C0 - Local File Inclusion Date: 2-05-2017 Exploit Author: ReverseBrain Contact: https://www.twitter.com/ReverseBrain Vendor Homepage: https://www.zyxel.com Software Link:...
CVE-2015-6017
Multiple cross-site scripting XSS vulnerabilities in Forms/rpAuth1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40AXH.0 allow remote attackers to inject arbitrary web script or HTML via the 1 LoginPassword or 2 hiddenPassword parameter...
ZyXEL P-660HW-T1 Cross-Site Scripting Vulnerability
Zyxel P-660HW-T1 is a wireless router product from ZyXEL Technology. A cross-site scripting vulnerability exists in the 'LoginPassword' and 'hiddenPassword' parameters in the /Forms/rpAuth1 page of the ZyXEL P-660HW-T1 v2 using ZyNOS version V3.40 AXH.0 firmware. ' parameters in the /Forms/rpAuth...
Authentication flaw
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for 1 RemMagSNMP.html, which...
Design/Logic Flaw
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html...
Design/Logic Flaw
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, has "public" as its default community for both 1 read and 2 write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by readin...
CVE-2006-3929
Cross-site scripting XSS vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40PT.0b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter...
CVE-2006-3929
Affected product: Zyxel Prestige 660H-61 ADSL Router, firmware 3.40(PT.0)b32. Vulnerable component: Forms/rpSysAdmin script. Root cause: XSS via hex-encoded values in parameter a due to improper sanitization. Impact: remote attacker can execute arbitrary script in the victim’s browser (cross-site...