Weak Password Hashing in ZyXEL Prestige Routers
CVE-2008-1526

7.5HIGH

Key Information:

Vendor
Zyxel
Status
Zynos
Prestige 661
Prestige 660
Vendor
CVE Published:
26 March 2008

Summary

ZyXEL Prestige routers, specifically models P-660, P-661, and P-662 with firmware versions 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), have a security weakness due to the lack of a salt in the MD5 password hashing process. This vulnerability exposes users to higher risks of password cracking, enabling potential unauthorized access to affected networks. Users are encouraged to update their firmware and enforce stronger password policies to mitigate this risk.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.gnucitizen.org/projects/router-hacking-challenge/
x_refsource_MISC
http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.