Cross-Site Scripting Vulnerability in Zyxel Prestige 660H Router
CVE-2006-3929

Currently unrated

Key Information:

Vendor: Zyxel
Status: Prestige 660h-61
Vendor: CVE Published:; 31 July 2006

Summary

A cross-site scripting vulnerability exists within the Forms/rpSysAdmin script of the Zyxel Prestige 660H-61 ADSL Router equipped with firmware version 3.40(PT.0)b32. This flaw allows remote attackers to exploit the router by injecting malicious web scripts or HTML through hex-encoded values in the 'a' parameter, potentially compromising the security of users accessing the router's interface.

References

http://www.securityfocus.com/bid/19180

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/28021

vdb-entryx_refsource_XF

http://www.osvdb.org/27548

vdb-entryx_refsource_OSVDB

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 31, 2006
Vulnerability Reserved
Jul 31, 2006