Zyxel : Security Vulnerabilities, CVEs, Published In 2008 (Bypass)
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.
Max CVSS
4.0
EPSS Score
0.21%
Published
2008-03-26
Updated
2018-10-11
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.
Max CVSS
9.3
EPSS Score
0.60%
Published
2008-03-10
Updated
2018-10-11
2 vulnerabilities found