7.5

CVE-2008-1524

EPSS 0.52%
Veröffentlicht 26.03.2008 10:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zyxel ≫ Prestige 660 Versionh-d1

Zyxel ≫ Prestige 660 Versionh-d3

Zyxel ≫ Prestige 661 Versionhw-d1

Zyxel ≫ Zynos Version3.40 Updateagd.2

Zyxel ≫ Zynos Version3.40 Updateagl.3

Zyxel ≫ Zynos Version3.40 Updateahq.0

Zyxel ≫ Zynos Version3.40 Updateahq.3

Zyxel ≫ Zynos Version3.40 Updateahz.0

Zyxel ≫ Zynos Version3.40 Updateatm.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.641

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.gnucitizen.org/projects/router-hacking-challenge/

http://www.securityfocus.com/archive/1/489009/100/0/threaded

http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

https://nvd.nist.gov/vuln/detail/CVE-2008-1524

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1524

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1524

EUVD