CVE-2008-1528

ZyXEL Prestige 660 661 662 3.40(AGD.2)-3.40(AHQ.3) - Authenticated Information Disclosure via Direct HTML Request

Title source: llm

Description

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.

References (4)

Core 4

Core References

Various Sources x_refsource_misc

http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/489009/100/0/threaded

Various Sources x_refsource_misc

http://www.gnucitizen.org/projects/router-hacking-challenge/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/41511

Scores

EPSS 0.0020

EPSS Percentile 42.1%

Details

CWE

CWE-287

Status published

Products (4)

zyxel/prestige_660 h-d1

zyxel/prestige_660 h-d3

zyxel/prestige_661 hw-d1

zyxel/zynos 3.40 agd.2 (6 CPE variants)

Published Mar 26, 2008

Tracked Since Feb 18, 2026