
CVE-2018-5330 – ZyXEL P-660HW UDP Denial of Service
https://notcve.org/view.php?id=CVE-2018-5330
12 Jan 2018 — ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. ZyXEL P-660HW suffers from a UDP fragmentation denial of service vulnerability. • https://packetstorm.news/files/id/145863

CVE-2017-17901 – ZyXEL P-660HW TTL Expiry Denial of Service
https://notcve.org/view.php?id=CVE-2017-17901
26 Dec 2017 — ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. ZyXEL P-660HW version 3 suffers from a TTL expiry denial of service vulnerability. • https://packetstorm.news/files/id/145548 • CWE-400: Uncontrolled Resource Consumption

CVE-2015-6017
https://notcve.org/view.php?id=CVE-2015-6017
31 Dec 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. • http://www.securitytracker.com/id/1034552 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-6016
https://notcve.org/view.php?id=CVE-2015-6016
31 Dec 2015 — ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. • http://www.securitytracker.com/id/1034552 • CWE-255: Credentials Management Errors

CVE-2014-4162 – ZYXEL P-660HW-T1 3 Wireless Router - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-4162
16 Jun 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1. • https://www.exploit-db.com/exploits/33518 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2013-3588
https://notcve.org/view.php?id=CVE-2013-3588
02 Apr 2014 — The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. • http://www.kb.cert.org/vuls/id/893726 • CWE-20: Improper Input Validation

CVE-2013-6786
https://notcve.org/view.php?id=CVE-2013-6786
16 Jan 2014 — Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sou... • http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-1526
https://notcve.org/view.php?id=CVE-2008-1526
26 Mar 2008 — ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. • http://www.gnucitizen.org/projects/router-hacking-challenge • CWE-916: Use of Password Hash With Insufficient Computational Effort

CVE-2008-1254
https://notcve.org/view.php?id=CVE-2008-1254
10 Mar 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. • http://www.gnucitizen.org/projects/router-hacking-challenge • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2008-1257
https://notcve.org/view.php?id=CVE-2008-1257
10 Mar 2008 — Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter. • http://www.gnucitizen.org/projects/router-hacking-challenge • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')