Cross-Site Request Forgery Vulnerabilities in Zyxel Routers
CVE-2008-1260

Currently unrated

Key Information:

Vendor: Zyxel
Status: P-2602hw-d1a
Vendor: CVE Published:; 10 March 2008

What is CVE-2008-1260?

The Zyxel P-2602HW-D1A router is susceptible to multiple cross-site request forgery vulnerabilities. These vulnerabilities can enable remote attackers to manipulate router settings, including exposing the admin web interface over the WAN. Additionally, attackers can modify the IP whitelisting timeout, which can lead to unauthorized access to sensitive administrative functions, potentially compromising the security of the network.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/41170

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2008
Vulnerability Reserved
Mar 10, 2008