CVE Vulnerabilities

CVE-2008-1528

Improper Authentication

Published: Mar 26, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Prestige_660 Zyxel h-d1 h-d1
Prestige_660 Zyxel h-d3 h-d3
Prestige_661 Zyxel hw-d1 hw-d1
Zynos Zyxel 3.40 3.40
Zynos Zyxel 3.40 3.40
Zynos Zyxel 3.40 3.40
Zynos Zyxel 3.40 3.40
Zynos Zyxel 3.40 3.40
Zynos Zyxel 3.40 3.40

Potential Mitigations

References