CVE-2008-1524
ZyXEL Prestige 660 and 661 - Unauthenticated SNMP Write Access via Default Community String
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.
References (3)
Core References
Third Party Advisory, VDB Entry, mailing-list, x_refsource_bugtraq: http://www.securityfocus.com/archive/1/489009/100/0/threaded
Various Sources, x_refsource_misc: http://www.gnucitizen.org/projects/router-hacking-challenge/
Various Sources, x_refsource_misc: http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
Scores
EPSS: 0.0057
EPSS Percentile: 68.7%
Details
CWE: CWE-16
Status: published
Products (4)
zyxel/prestige_660 h-d1
zyxel/prestige_660 h-d3
zyxel/prestige_661 hw-d1
zyxel/zynos 3.40 agd.2 (6 CPE variants)
Published: Mar 26, 2008
Tracked Since: Feb 18, 2026