SNMP Service Vulnerability in ZyXEL Prestige Routers
CVE-2008-1524

Currently unrated

Key Information:

Vendor: Zyxel
Status: Zynos; Prestige 661; Prestige 660
Vendor: CVE Published:; 26 March 2008

Summary

The SNMP service on ZyXEL Prestige routers, specifically models P-660 and P-661, has a serious configuration issue, using 'public' as the default community string for both read and write operations. This misconfiguration allows remote attackers to execute administrative actions through SNMP, potentially compromising sensitive information. Attackers can exploit this vulnerability to read details such as the Dynamic DNS service password or manipulate system variables displayed on the System Status page, including the insertion of XSS sequences.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

x_refsource_MISC

Timeline

Vulnerability published
Mar 26, 2008
Vulnerability Reserved
Mar 25, 2008