SNMP Configuration Flaw in ZyXEL Prestige Routers Allowing Unauthorized Access
CVE-2008-1525

Currently unrated

Key Information:

Vendor: Zyxel
Status: Zynos; Prestige 661; Prestige 660
Vendor: CVE Published:; 26 March 2008

What is CVE-2008-1525?

The default SNMP configuration on ZyXEL Prestige routers, including the P-660 and P-661 models running specific firmware versions, is set with a Trusted Host value of 0.0.0.0. This configuration flaw enables remote attackers to send SNMP requests from any source IP address, potentially compromising network security and allowing unauthorized access to sensitive information.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2008
Vulnerability Reserved
Mar 25, 2008

Zyxel

What is CVE-2008-1525?

References

Timeline