CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
73.3%
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack.
Vendor | Product | Version | CPE |
---|---|---|---|
zyxel | prestige_660 | h-d1 | cpe:2.3:h:zyxel:prestige_660:h-d1:*:*:*:*:*:*:* |
zyxel | prestige_660 | h-d3 | cpe:2.3:h:zyxel:prestige_660:h-d3:*:*:*:*:*:*:* |
zyxel | prestige_661 | hw-d1 | cpe:2.3:h:zyxel:prestige_661:hw-d1:*:*:*:*:*:*:* |
zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:agd.2:*:*:*:*:*:* |
zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:agl.3:*:*:*:*:*:* |
zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:ahq.0:*:*:*:*:*:* |
zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:ahq.3:*:*:*:*:*:* |
zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:ahz.0:*:*:*:*:*:* |
zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:atm.0:*:*:*:*:*:* |