CVE-2019-6725

CRITICAL

ZyXEL P-660HN-T1 V2 2.00(AAKK.3) - Unauthenticated Hard-coded Credential Exposure via rpWLANRedirect.asp

Title source: llm
STIX 2.1

Description

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.

References (1)

Core 1
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/78

Scores

CVSS v3 9.8
EPSS 0.0044
EPSS Percentile 63.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
zyxel/p-660hn-t1_firmware 2.00\(aakk.3\)
Published May 31, 2019
Tracked Since Feb 18, 2026