Authentication Vulnerability in ZyXEL Prestige Routers
CVE-2008-1527

Currently unrated

Key Information:

Vendor: Zyxel
Status: Zynos; Prestige 661; Prestige 660
Vendor: CVE Published:; 26 March 2008

Summary

ZyXEL Prestige routers, including models P-660, P-661, and P-662, are affected by a significant authentication issue. The routers support authentication over HTTP via a hash string in the hiddenPassword field. This design flaw enables remote attackers to exploit the vulnerability through replay attacks, potentially gaining unauthorized access to the network. Users are strongly advised to review their router firmware and apply necessary security measures to mitigate the risk.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

x_refsource_MISC

Timeline

Vulnerability published
Mar 26, 2008
Vulnerability Reserved
Mar 25, 2008