Information Disclosure in ZyXEL Prestige Routers by ZyXEL
CVE-2008-1523

Currently unrated

Key Information:

Vendor: Zyxel
Status: Zynos; Prestige 661; Prestige 660
Vendor: CVE Published:; 26 March 2008

Summary

ZyXEL Prestige routers allow remote authenticated users to gain unauthorized access to sensitive ISP and Dynamic DNS credentials. By directly requesting specific administrative pages (WAN.html, wzPPPOE.html, rpDyDNS.html) and examining the HTML source, attackers can easily extract critical information. This vulnerability affects various models, emphasizing the need for users to apply security best practices and firmware updates to mitigate potential risks.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

x_refsource_MISC

Timeline

Vulnerability published
Mar 26, 2008
Vulnerability Reserved
Mar 25, 2008