Cross-Site Request Forgery Vulnerabilities in Zyxel Wireless Router
CVE-2014-4162

Currently unrated

Key Information:

Vendor: Zyxel
Status: P-660hw
Vendor: CVE Published:; 16 June 2014

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2014-4162?

Multiple vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router enable remote attackers to exploit cross-site request forgery (CSRF) flaws. The attackers can hijack the administrative authentication and send unauthorized requests to change sensitive settings such as the Wi-Fi password or SSID, compromising the security of the network.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2014-4162 - Proof of Concept

References

http://www.exploit-db.com/exploits/33518

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/126812/Zyxel-P-660HW...

x_refsource_MISC

http://secunia.com/advisories/58513

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 16, 2014
👾
Exploit known to exist
Jun 16, 2014
Vulnerability published
Jun 16, 2014
Vulnerability Reserved
Jun 16, 2014

CVE-2014-4162 Data

JSON