Cross-Site Scripting Vulnerability in ZyXEL P-330W Router
CVE-2007-6729

Currently unrated

Key Information:

Vendor: Zyxel
Status: P-330w Router
Vendor: CVE Published:; 10 September 2009

Summary

A cross-site scripting (XSS) vulnerability exists in the web management interface of the ZyXEL P-330W router. This issue allows remote attackers to inject arbitrary web scripts or HTML via the pingstr parameter, as well as potentially other unspecified vectors. Successful exploitation could enable attackers to perform actions on behalf of users, leading to unauthorized access or manipulation of user data.

References

http://www.securityfocus.com/bid/27024

vdb-entryx_refsource_BID

http://secunia.com/advisories/28172

third-party-advisoryx_refsource_SECUNIA

http://seclists.org/fulldisclosure/2007/Dec/0559.html

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Sep 10, 2009
Vulnerability Reserved
Sep 9, 2009