CVE-2008-1528

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.0MEDIUM

EPSS

0.2%

top 57.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Prestige 660 Zyxel Prestige 661 Zyxel Zynos

Timeline

PublishedMar 26

Latest updateMay 1

Description

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶NVDzyxel/prestige_660h-d1, h-d3+1

▶NVDzyxel/prestige_661hw-d1

▶NVDzyxel/zynos3.40

🔴Vulnerability Details

GHSA

GHSA-wm2h-jpqw-93h6: ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3↗2022-05-01

▶

CVEList

CVE-2008-1528: ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3↗2008-03-26

▶