CVE-2008-1528

Sažetak

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.

Reference

http://www.gnucitizen.org/projects/router-hacking-challenge/
http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
http://www.securityfocus.com/archive/1/489009/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41511

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-10-2018 - 20:35

Objavljeno

26-03-2008 - 10:44