CVE-2008-1523

CWE-200 — Information Exposure3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.3%

top 45.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Prestige 660 Zyxel Prestige 661 Zyxel Zynos

Timeline

PublishedMar 26

Latest updateMay 1

Description

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for (1) WAN.html, (2) wzPPPOE.html, and (3) rpDyDNS.html, and then reading the HTML source.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDzyxel/prestige_660h-d1, h-d3+1

▶NVDzyxel/prestige_661hw-d1

▶NVDzyxel/zynos3.40

🔴Vulnerability Details

GHSA

GHSA-rhv5-x75f-g9rj: ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3↗2022-05-01

▶

CVEList

CVE-2008-1523: ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3↗2008-03-26

▶