CVE-2015-6016 : ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.

Published 2015-12-31 05:59:15

Updated 2025-04-12 10:46:41

Source CERT/CC

View at NVD, CVE.org

Products affected by CVE-2015-6016

Zyxel » Nbg-418n » Version: N/A
cpe:2.3:h:zyxel:nbg-418n:-:*:*:*:*:*:*:*
Matching versions
Zyxel » Zynos Firmware » Version: 3.40(axh.0)
cpe:2.3:o:zyxel:zynos_firmware:3.40\(axh.0\):*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » P-660hw-t1 2
Zyxel » Pmg5318-b20a Firmware » Version: V100aanc0b5
cpe:2.3:o:zyxel:pmg5318-b20a_firmware:v100aanc0b5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-6016

EPSS FAQ

4.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-6016

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-6016

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6016

https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R

VU#870744 - ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities
Third Party Advisory;US Government Resource

CVEs referencing this url
http://www.securitytracker.com/id/1034553

ZyXEL PMG5318-B20A Wireless Router Bugs Let Remote Users Execute Arbitrary Code and Gain Administrative Access - SecurityTracker

CVEs referencing this url
http://www.securitytracker.com/id/1034554

ZyXEL NBG-418N Wireless Router Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks and Gain Administrative Access - SecurityTracker

CVEs referencing this url
http://www.securitytracker.com/id/1034552

ZyXEL P-660HW-T1 2 Wireless Router Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Gain Administrative Access - SecurityTracker

CVEs referencing this url
https://www.kb.cert.org/vuls/id/870744

VU#870744 - ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities
Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-6016

Products affected by CVE-2015-6016

Exploit prediction scoring system (EPSS) score for CVE-2015-6016

CVSS scores for CVE-2015-6016

CWE ids for CVE-2015-6016

References for CVE-2015-6016