Multiple XSS Vulnerabilities in ZyXEL P-660HW-T1 Devices
CVE-2015-6017

6.1MEDIUM

Key Information:

Vendor
Zyxel
Status
P-660hw-t1 V2 Firmware
Vendor
CVE Published:
31 December 2015

Summary

ZyXEL P-660HW-T1 devices running ZyNOS firmware 3.40(AXH.0) are vulnerable to multiple Cross-Site Scripting (XSS) attacks. Attackers can exploit these vulnerabilities by injecting arbitrary web scripts or HTML into the affected devices. The vulnerabilities primarily stem from insufficient input validation in the LoginPassword and hiddenPassword parameters, potentially compromising network security and user credentials. It is crucial for users to apply security patches and implement robust security practices to mitigate the risks associated with this vulnerability.

References

http://www.securitytracker.com/id/1034552
vdb-entryx_refsource_SECTRACK
https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R
x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/870744
third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.