CVE-2008-1524

The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.

Published: Mar 26, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1524
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-16

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
zyxel / zynos	3.40-ahq.0	3.40-ahq.0.x
zyxel / zynos	3.40-agl.3	3.40-agl.3.x
zyxel / zynos	3.40-ahq.3	3.40-ahq.3.x
zyxel / zynos	3.40-ahz.0	3.40-ahz.0.x
zyxel / prestige_661	hw-d1	hw-d1.x
zyxel / prestige_660	h-d3	h-d3.x
zyxel / zynos	3.40-atm.0	3.40-atm.0.x
zyxel / prestige_660	h-d1	h-d1.x
zyxel / zynos	3.40-agd.2	3.40-agd.2.x

Vulnerability Database

289,697

CVE-2008-1524