Vulnerability Details : CVE-2008-1526
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.
Products affected by CVE-2008-1526
- Zyxel » P-660hn-51 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660hn-51_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660hn-51_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-663hn-51 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-663hn-51_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-663hn-51_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660h-61 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660h-61_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660h-61_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660h-63 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660h-63_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660h-63_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660h-67 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660h-67_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660h-67_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660h-d1 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660h-d1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660h-d1_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660h-d3 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660h-d3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660h-d3_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660h-t1 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660h-t1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660h-t1_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660hw D1 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660hw_d1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660hw_d1_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660hw D3 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660hw_d3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660hw_d3_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-660hw T3 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-660hw_t3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-660hw_t3_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-661hnu-f1 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-661hnu-f1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-661hnu-f1_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-661h Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-661h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-661h_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-661hw-d1 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-661hw-d1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-661hw-d1_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-661hnu-f3 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-661hnu-f3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-661hnu-f3_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-662hw-d3 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-662hw-d3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-662hw-d3_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-662hw-d Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-662hw-d_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-662hw-d_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-662hw-d1 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-662hw-d1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-662hw-d1_firmware:3.40\(pe9\):*:*:*:*:*:*:*
- Zyxel » P-662h-61 Firmware, versions from (>=) 3.40\(agd.2\) up to and including (<=) 3.40\(ahq.3\): cpe:2.3:o:zyxel:p-662h-61_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:p-662h-61_firmware:3.40\(pe9\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1526
- 0.26%: probability of exploitation activity in the next 30 days
- ~67%: percentile, the proportion of vulnerabilities that are scored at or below this one
CVSS scores for CVE-2008-1526
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | 2024-02-14 |
CWE ids for CVE-2008-1526
- Assigned by: nvd@nist.gov (Primary)
- The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1526
- http://www.securityfocus.com/archive/1/489009/100/0/threaded (Broken Link; Third Party Advisory; VDB Entry)
- http://www.gnucitizen.org/projects/router-hacking-challenge/ (Broken Link)
- http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf (Broken Link)