4 matches found
CVE-2008-1261
The Zyxel P-2602HW-D1A router with 3.40AJZ.1 firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40AJZ.1 firmware allow remote attackers to 1 make the admin web server available on the Internet WAN interface via the WWWAccessInterface parameter to Forms/RemMagWWW1 or 2 change the IP whitelisting...
CVE-2008-1261
The CVE-2008-1261 entry affects the Zyxel P-2602HW-D1A router (firmware 3.40(AJZ.1)). The vulnerability arises because the device’s admin page responses differ based on whether a user is logged in, enabling remote attackers to learn the current login status by requesting an arbitrary admin URI. T...
CVE-2008-1260
The CVE-2008-1260 entry affects the Zyxel P-2602HW-D1A router running firmware 3.40(AJZ.1). The described vulnerabilities are CSRF flaws that let remote attackers (no authentication required) influence the device: (1) expose the admin web server on WAN via WWWAccessInterface in Forms/RemMagWWW_1,...