28 matches found
EUVD-2008-1522
Malware in sbrugna...
Design/Logic Flaw
ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods...
CVE-2008-1526
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords...
CVE-2008-1524
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, has "public" as its default community for both 1 read and 2 write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by readin...
CVE-2008-1527
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack...
CVE-2008-1528
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for 1 RemMagSNMP.html, which...
Design/Logic Flaw
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for 1 WAN.html, 2 wzPPPOE.html, and 3 rpDyDNS.html, and then reading the HTML source...
Authentication flaw
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for 1 RemMagSNMP.html, which...
CVE-2008-1522
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, have 1 "user" as their default password for the "user" account and 2 "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access...
Design/Logic Flaw
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html...
Default credentials
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, have 1 "user" as their default password for the "user" account and 2 "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access...
Design/Logic Flaw
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, has "public" as its default community for both 1 read and 2 write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by readin...
CVE-2008-1521
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html...
Default credentials
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords...
CVE-2008-1522
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, have 1 "user" as their default password for the "user" account and 2 "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access...
CVE-2008-1523
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for 1 WAN.html, 2 wzPPPOE.html, and 3 rpDyDNS.html, and then reading the HTML source...
CVE-2008-1529
ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods...
CVE-2008-1527
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack...
CVE-2008-1527
CVE-2008-1527 affects ZyXEL Prestige routers P-660, P-661, and P-662 with firmware versions 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3). The issue arises from HTTP authentication using a hash in the hiddenPassword field, enabling remote attackers to gain access via a replay attack. Reported imp...
CVE-2008-1523
ZyXEL Prestige routers P-660, P-661, and P-662 with firmware 3.40(AGD.2)–3.40(AHQ.3) expose a vulnerability where remote authenticated users can read HTML source by directly requesting WAN.html, wzPPPOE.html, and rpDyDNS.html, potentially obtaining ISP and Dynamic DNS credentials. This is documen...