Authentication Bypass in Zyxel Router Firmware by Remote Attackers
CVE-2008-1259
Currently unrated
What is CVE-2008-1259?
The Zyxel P-2602HW-D1A router manages authentication state by IP address. A remote attacker can abuse this to impersonate a user who has recently logged in: a connection from an IP address that was authenticated within the last 5 minutes bypasses the authentication check, potentially giving the attacker unauthorized access to the router's features and settings. The vulnerability underscores the importance of robust session management and proper authentication mechanisms in network devices.
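The design flaw described above, modeled as an added example (this is not Zyxel firmware code and does not come from the advisory): login state keyed only by client IP, beside a session keyed by an unguessable per-login token. The class names, the sample address 192.0.2.10 and the token scheme are assumptions chosen for illustration.

```python
import secrets

WINDOW = 300  # seconds; the 5-minute window named in the description


class IpKeyedAuth:
    """Pattern from the description: login state keyed only by client IP."""

    def __init__(self):
        self.last_login = {}  # ip -> time of last successful login

    def login(self, ip, now):
        self.last_login[ip] = now

    def is_authenticated(self, ip, now):
        t = self.last_login.get(ip)
        return t is not None and now - t <= WINDOW


class TokenAuth:
    """Hardened form (assumed design): state keyed by a random session token."""

    def __init__(self):
        self.sessions = {}  # token -> (ip, expiry)

    def login(self, ip, now):
        token = secrets.token_urlsafe(32)  # returned to the browser as a cookie
        self.sessions[token] = (ip, now + WINDOW)
        return token

    def is_authenticated(self, ip, token, now):
        entry = self.sessions.get(token)
        return entry is not None and entry[0] == ip and now <= entry[1]


def compare(ip="192.0.2.10"):  # constructed sample address
    """Admin logs in at t=0; a second client on the same IP asks later."""
    weak, strong = IpKeyedAuth(), TokenAuth()
    weak.login(ip, 0)
    admin_token = strong.login(ip, 0)
    return {
        "ip_keyed_second_client": weak.is_authenticated(ip, 60),
        "ip_keyed_after_window": weak.is_authenticated(ip, 400),
        "token_second_client": strong.is_authenticated(ip, None, 60),
        "token_admin": strong.is_authenticated(ip, admin_token, 60),
        "token_after_expiry": strong.is_authenticated(ip, admin_token, 400),
    }
```

In the IP-keyed model the second client is accepted without presenting any credential until the window lapses; in the token model only the holder of the issued token is accepted.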