CVE-2008-1524

CWE-163 documents3 sources
Severity
7.5HIGH
EPSS
0.5%
top 33.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Zyxel Prestige 660Zyxel Prestige 661Zyxel Zynos
Timeline
PublishedMar 26
Latest updateMay 1

Description

The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDzyxel/prestige_660h-d1, h-d3+1
NVDzyxel/zynos3.40

🔴Vulnerability Details

2
GHSA
GHSA-v7xw-mp6c-wc98: The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 32022-05-01
CVEList
CVE-2008-1524: The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 32008-03-26
CVE-2008-1524 (HIGH CVSS 7.5) | The SNMP service on ZyXEL Prestige | cvebase.io