CVE-2008-1524: XSS
First published: Wed Mar 26 2008(Updated: )
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel Zynos | =3.40-ahq.0 | |
| Zyxel Zynos | =3.40-agl.3 | |
| Zyxel Zynos | =3.40-ahq.3 | |
| Zyxel Zynos | =3.40-ahz.0 | |
| Zyxel Prestige 661 | =hw-d1 | |
| Zyxel Prestige 660 | =h-d3 | |
| Zyxel Zynos | =3.40-atm.0 | |
| Zyxel Prestige 660 | =h-d1 | |
| Zyxel Zynos | =3.40-agd.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/event
- agent/references
- agent/type
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zyxel
- canonical/zyxel zynos
- version/zyxel zynos/3.40-ahq.0
- version/zyxel zynos/3.40-agl.3
- version/zyxel zynos/3.40-ahq.3
- version/zyxel zynos/3.40-ahz.0
- canonical/zyxel prestige 661
- version/zyxel prestige 661/hw-d1
- canonical/zyxel prestige 660
- version/zyxel prestige 660/h-d3
- version/zyxel zynos/3.40-atm.0
- version/zyxel prestige 660/h-d1
- version/zyxel zynos/3.40-agd.2