Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-1524
Last Modified: 05 Sep 2008 12:00:00
Published: 26 Mar 2008 06:44:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-1524

Summary

The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.

Vulnerable Systems


References

BUGTRAQ - 20080301 The Router Hacking Challenge is Over!

MISC - http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

MISC - http://www.gnucitizen.org/projects/router-hacking-challenge/


Last Updated: 27 May 2016 10:47:34