ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Prestige_660 | Zyxel | h-d1 | h-d1 |
Prestige_660 | Zyxel | h-d3 | h-d3 |
Prestige_661 | Zyxel | hw-d1 | hw-d1 |
Zynos | Zyxel | 3.40 | 3.40 |