Lucene search
HistoryMar 26, 2008 - 10:44 a.m.
CVE-2008-1527
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.004
Percentile
73.3%
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack.
Affected configurations
Node
zyxelprestige_660Matchh-d1
ORzyxelprestige_660Matchh-d3
ORzyxelprestige_661Matchhw-d1
ORzyxelzynosMatch3.40agd.2
ORzyxelzynosMatch3.40agl.3
ORzyxelzynosMatch3.40ahq.0
ORzyxelzynosMatch3.40ahq.3
ORzyxelzynosMatch3.40ahz.0
ORzyxelzynosMatch3.40atm.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zyxel | prestige_660 | h-d1 | cpe:2.3:h:zyxel:prestige_660:h-d1:*:*:*:*:*:*:* |
| zyxel | prestige_660 | h-d3 | cpe:2.3:h:zyxel:prestige_660:h-d3:*:*:*:*:*:*:* |
| zyxel | prestige_661 | hw-d1 | cpe:2.3:h:zyxel:prestige_661:hw-d1:*:*:*:*:*:*:* |
| zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:agd.2:*:*:*:*:*:* |
| zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:agl.3:*:*:*:*:*:* |
| zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:ahq.0:*:*:*:*:*:* |
| zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:ahq.3:*:*:*:*:*:* |
| zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:ahz.0:*:*:*:*:*:* |
| zyxel | zynos | 3.40 | cpe:2.3:h:zyxel:zynos:3.40:atm.0:*:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2008-03-26 10:44:00
cve
cve
CVE-2008-1527
2008-03-26 10:44:00
cvelist
cvelist
CVE-2008-1527
2008-03-26 10:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.004
Percentile
73.3%
Related for NVD:CVE-2008-1527