Cross-Site Scripting Vulnerability in ZyXEL P-660HW Series Router
CVE-2008-1257

Currently unrated

Key Information:

Vendor: Zyxel
Status: P-660hw D1; P-660hw T3; P-660hw; P-660hw D3
Vendor: CVE Published:; 10 March 2008

Summary

A vulnerability exists in the ZyXEL P-660HW series routers due to improper validation of user input in the Forms/DiagGeneral_2 module. Attackers can exploit this weakness by injecting arbitrary web script or HTML through the PingIPAddr parameter. This could result in malicious scripts being executed in the context of an authenticated user, potentially leading to unauthorized actions or data exposure.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/41109

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 10, 2008
Vulnerability Reserved
Mar 10, 2008